Produce annotated pointer constants in incremental SMT2 traces#8901
Draft
tautschnig wants to merge 1 commit intodiffblue:developfrom
Draft
Produce annotated pointer constants in incremental SMT2 traces#8901tautschnig wants to merge 1 commit intodiffblue:developfrom
tautschnig wants to merge 1 commit intodiffblue:developfrom
Conversation
When the incremental SMT2 decision procedure returns pointer values via
get(), it now creates annotated_pointer_constant_exprt instead of plain
constant_exprt. This enables the trace printer to display symbolic
pointer expressions (like string literals and address-of expressions)
instead of raw integer addresses.
The pointer bit-vector is decomposed into object ID (high bits) and
offset (low bits) using config.bv_encoding.object_bits. The object ID
is looked up in the decision procedure's object_map to find the base
expression, and get_subexpression_at_offset is used to construct the
symbolic pointer, following the same approach as the SAT backend's
pointer_logict::pointer_expr.
A new overload of construct_value_expr_from_smt accepts the
smt_object_mapt. The original overload without the object map continues
to work unchanged for backward compatibility.
Removes the no-new-smt tag from three regression tests that now pass
with the incremental SMT2 backend: trace-strings,
trace_address_arithmetic1, and xml-trace2.
When string constants or other expressions are substituted with
symbol_exprt identifiers during SMT conversion, the object_map tracks
the substituted symbol rather than the original expression. This caused
pointer values in traces to display as 'array_0' instead of the
original string literal like '"abc"'.
Add expression_identifiers parameter to construct_value_expr_from_smt
to enable reverse lookup from substituted symbol names back to original
expressions. In build_annotated_pointer, when the base expression from
the object_map is a symbol_exprt, check if it matches any identifier
in expression_identifiers and use the original expression for the
symbolic pointer display.
Passes all 170 smt2_incremental unit tests (1040 assertions) and
the trace-strings, trace_address_arithmetic1, and xml-trace2
regression tests with both SAT and incremental SMT2 backends.
When get_subexpression_at_offset fails, return nil_exprt{} instead
of a default-constructed exprt{} so that the is_nil() check in
build_annotated_pointer correctly detects the failure and falls
back to a plain constant_exprt.
Fixes: diffblue#8067
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When the incremental SMT2 decision procedure returns pointer values via get(), it now creates annotated_pointer_constant_exprt instead of plain constant_exprt. This enables the trace printer to display symbolic pointer expressions (like string literals and address-of expressions) instead of raw integer addresses.
The pointer bit-vector is decomposed into object ID (high bits) and offset (low bits) using config.bv_encoding.object_bits. The object ID is looked up in the decision procedure's object_map to find the base expression, and get_subexpression_at_offset is used to construct the symbolic pointer, following the same approach as the SAT backend's pointer_logict::pointer_expr.
A new overload of construct_value_expr_from_smt accepts the smt_object_mapt. The original overload without the object map continues to work unchanged for backward compatibility.
Removes the no-new-smt tag from three regression tests that now pass with the incremental SMT2 backend: trace-strings,
trace_address_arithmetic1, and xml-trace2.
When string constants or other expressions are substituted with symbol_exprt identifiers during SMT conversion, the object_map tracks the substituted symbol rather than the original expression. This caused pointer values in traces to display as 'array_0' instead of the original string literal like '"abc"'.
Add expression_identifiers parameter to construct_value_expr_from_smt to enable reverse lookup from substituted symbol names back to original expressions. In build_annotated_pointer, when the base expression from the object_map is a symbol_exprt, check if it matches any identifier in expression_identifiers and use the original expression for the symbolic pointer display.
Passes all 170 smt2_incremental unit tests (1040 assertions) and the trace-strings, trace_address_arithmetic1, and xml-trace2 regression tests with both SAT and incremental SMT2 backends.
When get_subexpression_at_offset fails, return nil_exprt{} instead of a default-constructed exprt{} so that the is_nil() check in build_annotated_pointer correctly detects the failure and falls back to a plain constant_exprt.
Fixes: #8067