Cleanup asserts & throws - replace with invariants - dir util/s* (part2) #2910
Conversation
sonodtt
requested review from
kroening,
peterschrammel,
pkesseli,
smowton and
tautschnig
as code owners
|
Contains minor refactoring of related code. |
src/util/simplify_expr_int.cpp
Outdated
| if(!is_bitvector_type(op0_type)) | ||
| return true; | ||
| PRECONDITION(expr.id() == ID_extractbit); | ||
| auto &extractbit_expr = to_extractbit_expr(expr); |
There was a problem hiding this comment.
Should be auto const&
| INVARIANT( | ||
| !bytes.empty(), | ||
| "bytes is not empty because we just pushed just as many elements on " | ||
| "top of it as we are popping now"); |
There was a problem hiding this comment.
May I suggest to move this out of the loop and instead check that at least as many elements are contained in bytes?
There was a problem hiding this comment.
@tautschnig I'm inclined to feel that the invariant here is checking for UB in case someone makes an error in the loop condition.
Moving the invariant out of the loop would seem to check something that is trivially true (I think...).
There was a problem hiding this comment.
Ok, not a big deal, I personally would have thought we don't need to guard against all possible future errors, but figuring out where exactly to draw this line is hard. Surely not a blocker here.
| INVARIANT( | ||
| constant_found, | ||
| "c_sizeof_type is only set to a non-nil value " | ||
| "if a constant has been found"); |
There was a problem hiding this comment.
Hmm, having two entangled variables is questionable - I know, not your design choice, but still worth looking into I'd say.
There was a problem hiding this comment.
The redesign of this section to disentangle these two variables might be considered not in the scope of the PR.
src/util/simplify_expr_int.cpp
Outdated
| @@ -439,6 +445,8 @@ bool simplify_exprt::simplify_mod(exprt &expr) | |||
|
|
|||
| bool simplify_exprt::simplify_plus(exprt &expr) | |||
| { | |||
| PRECONDITION(expr.id() == ID_plus); | |||
There was a problem hiding this comment.
There's a plus_exprt, let's use this here.
There was a problem hiding this comment.
You mean to_plus_exprt instead of the PRECONDITION? I don't like that too much, the PRECONDITION here makes it clear we're expecting a plus_exprt whereas calling to_plus_exprt instead might be read as us just forgetting to check if it actually is...
There was a problem hiding this comment.
I was meaning to suggest that the function take a plus_exprt &expr as parameter. Will discuss further with extractbit below.
src/util/simplify_expr_int.cpp
Outdated
| @@ -597,14 +603,14 @@ bool simplify_exprt::simplify_plus(exprt &expr) | |||
|
|
|||
| bool simplify_exprt::simplify_minus(exprt &expr) | |||
| { | |||
| PRECONDITION(expr.id() == ID_minus); | |||
src/util/simplify_expr_int.cpp
Outdated
| if(!is_bitvector_type(op0_type)) | ||
| return true; | ||
| PRECONDITION(expr.id() == ID_extractbit); | ||
| auto &extractbit_expr = to_extractbit_expr(expr); |
There was a problem hiding this comment.
Pass extractbit_exprt as parameter, and let to_extractbit_expr do all the work (at the call site) - no need for duplication.
There was a problem hiding this comment.
This can't take an extractbit_exprt because the parameter is an in/out parameter, and the result is not always going to be another extractbit_exprt
There was a problem hiding this comment.
We have this problem across all simplifier functions. The cleanest approach might be changing the return type from bool to something more elaborate so that we can return the modified expression, and would instead take a const reference as argument. Thus far, the workaround was using swap instead of direct assignments. I think it's important to get rid of the duplicate checks on input parameters (there should only be a check at the call site).
There was a problem hiding this comment.
@tautschnig I'm going to split this part out - and make a note for it to be considered in the context of #2939 and your remarks on #2910 (comment)
src/util/simplify_expr_int.cpp
Outdated
| { | ||
| return true; | ||
| } | ||
| mp_integer index_as_int = index_converted_to_int.has_value(); |
There was a problem hiding this comment.
That's ... trivially true? You might have wanted .value() instead of has_value?
src/util/simplify_expr_int.cpp
Outdated
|
|
||
| mp_integer i; | ||
| std::size_t src_bit_width = to_bitvector_type(src_type).get_width(); |
src/util/simplify_expr_int.cpp
Outdated
| return true; | ||
| } |
There was a problem hiding this comment.
I believe this check is unnecessary as the subsequent numeric_cast<mp_integer> would catch this case anyway.
src/util/simplify_expr_int.cpp
Outdated
| return true; | ||
|
|
||
| bool bit=(id2string(value)[width-integer2size_t(i)-1]=='1'); | ||
| bool bit = | ||
| (id2string(src_value) |
There was a problem hiding this comment.
Do id2string earlier on as doing src_value.size() will also require building the string.
There was a problem hiding this comment.
Passed Diffblue compatibility checks (cbmc commit: 99b2b26).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/84018230
There was a problem hiding this comment.
This PR failed Diffblue compatibility checks (cbmc commit: d12acb3).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/84135814
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
sonodtt
force-pushed
the
invariant-cleanup-util_dir-s_files-part2
branch
from
d12acb3 to
3ef24a2
Compare
src/util/simplify_expr_int.cpp
Outdated
|
|
||
| //May I suggest to move this out of the loop and instead check that at least as many elements are contained in bytes? | ||
| // this invariant protects against someone modifying the loop | ||
| // expression - a bit pointless for it to be outside the loop. |
There was a problem hiding this comment.
I don't think this belongs in here?
src/util/simplify_expr_int.cpp
Outdated
| // this invariant protects against someone modifying the loop | ||
| // expression - a bit pointless for it to be outside the loop. | ||
| // this invariant protects against someone modifying the loop | ||
| // expression - a bit pointless for it to be outside the loop. |
There was a problem hiding this comment.
Apologies @tautschnig - this was an internal note for a colleague for a second opinion.
I was used to a workflow where I'd push to get CI going, review, then re-add reviewers to flag ready for re-review.
You often re-review quite quickly - in future will push after local checks.
There was a problem hiding this comment.
Oh don't worry, I was just naively assuming this was ready for re-review.
sonodtt
force-pushed
the
invariant-cleanup-util_dir-s_files-part2
branch
4 times, most recently
from
b34cee7 to
05debde
Compare
hannes-steffenhagen-diffblue
force-pushed
the
invariant-cleanup-util_dir-s_files-part2
branch
from
05debde to
d3a148d
Compare
There was a problem hiding this comment.
Passed Diffblue compatibility checks (cbmc commit: d3a148d).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/86186513
hannes-steffenhagen-diffblue
force-pushed
the
invariant-cleanup-util_dir-s_files-part2
branch
2 times, most recently
from
5083a53 to
bd2558b
Compare
There was a problem hiding this comment.
Passed Diffblue compatibility checks (cbmc commit: bd2558b).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/86464235
|
@tautschnig Can you rereview? There is a clang-format failure that I can't fix at the moment
NVM the above part, it's been rightfully pointed out to me that not having a one line change be done automatically for you is a stupid reason to delay it. |
* C-style asserts are deprecated in favor of CBMCs INVARIANT macros * Some minor refactoring that was relevant to the cleanup.
hannes-steffenhagen-diffblue
force-pushed
the
invariant-cleanup-util_dir-s_files-part2
branch
from
bd2558b to
d5837ad
Compare
There was a problem hiding this comment.
Passed Diffblue compatibility checks (cbmc commit: d5837ad).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/86491547
| @@ -604,43 +604,42 @@ bool simplify_exprt::simplify_plus(exprt &expr) | |||
|
|
|||
| bool simplify_exprt::simplify_minus(exprt &expr) | |||
| { | |||
| auto const &minus_expr = to_minus_expr(expr); | |||
There was a problem hiding this comment.
The lines after this one still use expr, not minus_expr
There was a problem hiding this comment.
I've made the functions use them where it seemed reasonable.
src/util/simplify_expr_int.cpp
Outdated
| @@ -446,6 +446,8 @@ bool simplify_exprt::simplify_mod(exprt &expr) | |||
|
|
|||
| bool simplify_exprt::simplify_plus(exprt &expr) | |||
| { | |||
| // only used to check structural invariants | |||
| (void)to_plus_expr(expr); | |||
There was a problem hiding this comment.
Maybe still use this, in particular the const version thereof, in the next lines? Doing .type() on a const expression is cheaper, thus beneficial.
hannes-steffenhagen-diffblue
force-pushed
the
invariant-cleanup-util_dir-s_files-part2
branch
from
d5837ad to
07f7d1e
Compare
* Use to_minus_expr instead of asserting the expression id * Rename the local variables for easier readability
to_plus_expr should check if an expression is a plus_exprt, this avoids duplicating checks across the codebase
hannes-steffenhagen-diffblue
force-pushed
the
invariant-cleanup-util_dir-s_files-part2
branch
from
07f7d1e to
69e5c2d
Compare
There was a problem hiding this comment.
This PR failed Diffblue compatibility checks (cbmc commit: 07f7d1e).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/86591624
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
There was a problem hiding this comment.
Passed Diffblue compatibility checks (cbmc commit: 69e5c2d).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/86592975
Cleanup of asserts - replaced with invariants.
Removed all unstructured throw(...) statements, replacing with INVARIANT, PRECONDITION, etc. where appropriate.