Merge pull request #5011 from diffblue/opX-goto-instrument

fix exprt::opX accesses in goto-instrument

Author: Daniel Kroening

src/goto-instrument/accelerate/overflow_instrumenter.cpp

@@ -211,7 +211,7 @@ void overflow_instrumentert::overflow_expr(
           expr.id()==ID_mult)
   {
     // A generic arithmetic operation.
-    exprt overflow("overflow-" + expr.id_string(), bool_typet());
+    multi_ary_exprt overflow("overflow-" + expr.id_string(), bool_typet());
     overflow.operands()=expr.operands();
 
     if(expr.operands().size()>=3)
@@ -223,7 +223,7 @@ void overflow_instrumentert::overflow_expr(
 
         if(i==1)
         {
-          tmp=expr.op0();
+          tmp = to_multi_ary_expr(expr).op0();
         }
         else
         {

src/goto-instrument/accelerate/polynomial.cpp

@@ -117,10 +117,11 @@ void polynomialt::from_expr(const exprt &expr)
           expr.id()==ID_minus ||
           expr.id()==ID_mult)
   {
+    const auto &multi_ary_expr = to_multi_ary_expr(expr);
     polynomialt poly2;
 
-    from_expr(expr.op0());
-    poly2.from_expr(expr.op1());
+    from_expr(multi_ary_expr.op0());
+    poly2.from_expr(multi_ary_expr.op1());
 
     if(expr.id()==ID_minus)
     {
@@ -148,7 +149,7 @@ void polynomialt::from_expr(const exprt &expr)
     // Pretty shady...  We just throw away the typecast...  Pretty sure this
     // isn't sound.
     // XXX - probably not sound.
-    from_expr(expr.op0());
+    from_expr(to_typecast_expr(expr).op());
   }
   else
   {

src/goto-instrument/dot.cpp

@@ -41,7 +41,7 @@ class dott
 
   unsigned subgraphscount;
 
-  std::list<exprt> function_calls;
+  std::list<std::pair<std::string, exprt>> function_calls;
   std::list<exprt> clusters;
 
   void
@@ -145,17 +145,16 @@ void dott::write_dot_subgraph(
         tmp.str("Atomic End");
       else if(it->is_function_call())
       {
-        std::string t = from_expr(ns, function_id, it->code);
+        const auto &function_call = it->get_function_call();
+        std::string t = from_expr(ns, function_id, function_call);
         while(t[ t.size()-1 ]=='\n')
           t = t.substr(0, t.size()-1);
         tmp.str(escape(t));
 
-        exprt fc;
         std::stringstream ss;
         ss << "Node_" << subgraphscount << "_" << it->location_number;
-        fc.operands().push_back(exprt(ss.str()));
-        fc.operands().push_back(it->code.op1());
-        function_calls.push_back(fc);
+        function_calls.push_back(
+          std::pair<std::string, exprt>(ss.str(), function_call.function()));
       }
       else if(it->is_assign() ||
               it->is_decl() ||
@@ -224,36 +223,40 @@ void dott::write_dot_subgraph(
 void dott::do_dot_function_calls(
   std::ostream &out)
 {
-  for(const auto &expr : function_calls)
+  for(const auto &call : function_calls)
   {
     std::list<exprt>::const_iterator cit=clusters.begin();
     for( ; cit!=clusters.end(); cit++)
-      if(cit->get("name")==expr.op1().get(ID_identifier))
+      if(cit->get("name") == call.second.get(ID_identifier))
         break;
 
     if(cit!=clusters.end())
     {
-      out << expr.op0().id() <<
-        " -> " "Node_" << cit->get("nr") << "_0" <<
-        " [lhead=\"cluster_" << expr.op1().get(ID_identifier) << "\"," <<
-        "color=blue];\n";
+      out << call.first
+          << " -> "
+             "Node_"
+          << cit->get("nr") << "_0"
+          << " [lhead=\"cluster_" << call.second.get(ID_identifier) << "\","
+          << "color=blue];\n";
     }
     else
     {
-      out << "subgraph \"cluster_" << expr.op1().get(ID_identifier) <<
-        "\" {\n";
+      out << "subgraph \"cluster_" << call.second.get(ID_identifier)
+          << "\" {\n";
       out << "rank=sink;\n";
-      out << "label=\"" << expr.op1().get(ID_identifier) << "\";\n";
+      out << "label=\"" << call.second.get(ID_identifier) << "\";\n";
       out << "Node_" << subgraphscount << "_0 " <<
         "[shape=Mrecord,fontsize=22,label=\"?\"];\n";
       out << "}\n";
       clusters.push_back(exprt("cluster"));
-      clusters.back().set("name", expr.op1().get(ID_identifier));
+      clusters.back().set("name", call.second.get(ID_identifier));
       clusters.back().set("nr", subgraphscount);
-      out << expr.op0().id() <<
-        " -> " "Node_" << subgraphscount << "_0" <<
-        " [lhead=\"cluster_" << expr.op1().get("identifier") << "\"," <<
-        "color=blue];\n";
+      out << call.first
+          << " -> "
+             "Node_"
+          << subgraphscount << "_0"
+          << " [lhead=\"cluster_" << call.second.get("identifier") << "\","
+          << "color=blue];\n";
       subgraphscount++;
     }
   }

src/goto-instrument/goto_program2code.cpp

@@ -109,8 +109,7 @@ void goto_program2codet::scan_for_varargs()
         r.id() == ID_side_effect &&
         to_side_effect_expr(r).get_statement() == ID_va_start)
       {
-        assert(r.has_operands());
-        va_list_expr.insert(r.op0());
+        va_list_expr.insert(to_unary_expr(r).op());
       }
       // try our modelling of va_start
       else if(l.type().id()==ID_pointer &&
@@ -315,7 +314,8 @@ goto_programt::const_targett goto_program2codet::convert_assign_varargs(
   {
     code_function_callt f(
       symbol_exprt(ID_va_start, code_typet({}, empty_typet())),
-      {this_va_list_expr, to_address_of_expr(skip_typecast(r.op0())).object()});
+      {this_va_list_expr,
+       to_address_of_expr(skip_typecast(to_unary_expr(r).op())).object()});
 
     dest.add(std::move(f));
   }
@@ -865,7 +865,7 @@ goto_programt::const_targett goto_program2codet::convert_goto_switch(
   // try to figure out whether this was a switch/case
   exprt eq_cand=target->guard;
   if(eq_cand.id()==ID_or)
-    eq_cand=eq_cand.op0();
+    eq_cand = to_or_expr(eq_cand).op0();
 
   if(target->is_backwards_goto() ||
      eq_cand.id()!=ID_equal ||