Invariant cleanup

Sonny Martin · Sonny Martin · commit 3a915bf0590f · 2018-09-04T14:58:02.000+01:00
diff --git a/src/util/mp_arith.cpp b/src/util/mp_arith.cpp
@@ -257,9 +257,9 @@ mp_integer arith_left_shift(
   std::size_t true_size)
 {
   PRECONDITION(a.is_long() && b.is_ulong());
+  PRECONDITION(b <= true_size || a == 0);
+
   ullong_t shift=b.to_ulong();
-  if(shift>true_size && a!=mp_integer(0))
-    throw "shift value out of range";
 
   llong_t result=a.to_long()<<shift;
   llong_t mask=
@@ -280,8 +280,7 @@ mp_integer arith_right_shift(
   PRECONDITION(a.is_long() && b.is_ulong());
   llong_t number=a.to_long();
   ullong_t shift=b.to_ulong();
-  if(shift>true_size)
-    throw "shift value out of range";
+  DATA_INVARIANT(shift <= true_size, "shift value must be in range");
 
   const llong_t sign = (1LL << (true_size - 1)) & number;
   const llong_t pad = (sign == 0) ? 0 : ~((1LL << (true_size - shift)) - 1);
@@ -298,9 +297,9 @@ mp_integer logic_left_shift(
   std::size_t true_size)
 {
   PRECONDITION(a.is_long() && b.is_ulong());
+  PRECONDITION(b <= true_size || a == 0);
+
   ullong_t shift=b.to_ulong();
-  if(shift>true_size && a!=mp_integer(0))
-    throw "shift value out of range";
   llong_t result=a.to_long()<<shift;
   if(true_size<(sizeof(llong_t)*8))
   {
@@ -324,10 +323,9 @@ mp_integer logic_right_shift(
   std::size_t true_size)
 {
   PRECONDITION(a.is_long() && b.is_ulong());
-  ullong_t shift=b.to_ulong();
-  if(shift>true_size)
-    throw "shift value out of range";
+  PRECONDITION(b <= true_size);
 
+  ullong_t shift = b.to_ulong();
   ullong_t result=((ullong_t)a.to_long()) >> shift;
   return result;
 }
@@ -341,10 +339,10 @@ mp_integer rotate_right(
   std::size_t true_size)
 {
   PRECONDITION(a.is_ulong() && b.is_ulong());
+  PRECONDITION(b <= true_size);
+
   ullong_t number=a.to_ulong();
   ullong_t shift=b.to_ulong();
-  if(shift>true_size)
-    throw "shift value out of range";
 
   ullong_t revShift=true_size-shift;
   const ullong_t filter = 1ULL << (true_size - 1);
@@ -361,10 +359,10 @@ mp_integer rotate_left(
   std::size_t true_size)
 {
   PRECONDITION(a.is_ulong() && b.is_ulong());
+  PRECONDITION(b <= true_size);
+
   ullong_t number=a.to_ulong();
   ullong_t shift=b.to_ulong();
-  if(shift>true_size)
-    throw "shift value out of range";
 
   ullong_t revShift=true_size-shift;
   const ullong_t filter = 1ULL << (true_size - 1);
diff --git a/src/util/namespace.cpp b/src/util/namespace.cpp
@@ -80,24 +80,27 @@ const typet &namespace_baset::follow(const typet &src) const
 const typet &namespace_baset::follow_tag(const union_tag_typet &src) const
 {
   const symbolt &symbol=lookup(src.get_identifier());
-  assert(symbol.is_type);
-  assert(symbol.type.id()==ID_union || symbol.type.id()==ID_incomplete_union);
+  CHECK_RETURN(symbol.is_type);
+  CHECK_RETURN(
+    symbol.type.id() == ID_union || symbol.type.id() == ID_incomplete_union);
   return symbol.type;
 }
 
 const typet &namespace_baset::follow_tag(const struct_tag_typet &src) const
 {
   const symbolt &symbol=lookup(src.get_identifier());
-  assert(symbol.is_type);
-  assert(symbol.type.id()==ID_struct || symbol.type.id()==ID_incomplete_struct);
+  CHECK_RETURN(symbol.is_type);
+  CHECK_RETURN(
+    symbol.type.id() == ID_struct || symbol.type.id() == ID_incomplete_struct);
   return symbol.type;
 }
 
 const typet &namespace_baset::follow_tag(const c_enum_tag_typet &src) const
 {
   const symbolt &symbol=lookup(src.get_identifier());
-  assert(symbol.is_type);
-  assert(symbol.type.id()==ID_c_enum || symbol.type.id()==ID_incomplete_c_enum);
+  CHECK_RETURN(symbol.is_type);
+  CHECK_RETURN(
+    symbol.type.id() == ID_c_enum || symbol.type.id() == ID_incomplete_c_enum);
   return symbol.type;
 }
 
diff --git a/src/util/namespace.h b/src/util/namespace.h
@@ -10,6 +10,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifndef CPROVER_UTIL_NAMESPACE_H
 #define CPROVER_UTIL_NAMESPACE_H
 
+#include "invariant.h"
 #include "irep.h"
 
 class symbol_tablet;
@@ -33,8 +34,11 @@ class namespace_baset
   const symbolt &lookup(const irep_idt &name) const
   {
     const symbolt *symbol;
-    if(lookup(name, symbol))
-      throw "identifier "+id2string(name)+" not found";
+    bool not_found = lookup(name, symbol);
+    INVARIANT(
+      !not_found,
+      "we are assuming that a name exists in the namespace "
+      "when this function is called");
     return *symbol;
   }
 
diff --git a/src/util/pointer_predicates.cpp b/src/util/pointer_predicates.cpp
@@ -226,7 +226,7 @@ exprt object_lower_bound(
   exprt p_offset=pointer_offset(pointer);
 
   exprt zero=from_integer(0, p_offset.type());
-  assert(zero.is_not_nil());
+  CHECK_RETURN(zero.is_not_nil());
 
   if(offset.is_not_nil())
   {
diff --git a/src/util/rational.cpp b/src/util/rational.cpp
@@ -10,6 +10,7 @@ Author: Daniel Kroening, kroening@kroening.com
 /// Rational Numbers
 
 #include "rational.h"
+#include "invariant.h"
 
 #include <algorithm>
 #include <ostream>
@@ -48,7 +49,7 @@ rationalt &rationalt::operator*=(const rationalt &n)
 
 rationalt &rationalt::operator/=(const rationalt &n)
 {
-  assert(!n.numerator.is_zero());
+  PRECONDITION(!n.numerator.is_zero());
   numerator*=n.denominator;
   denominator*=n.numerator;
   normalize();
@@ -90,7 +91,7 @@ void rationalt::same_denominator(rationalt &n)
 
 void rationalt::invert()
 {
-  assert(numerator!=0);
+  PRECONDITION(numerator != 0);
   std::swap(numerator, denominator);
 }
 
diff --git a/src/util/reference_counting.h b/src/util/reference_counting.h
@@ -14,6 +14,8 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <cassert>
 
+#include "invariant.h"
+
 template<typename T>
 // NOLINTNEXTLINE(readability/identifiers)
 class reference_counting
@@ -33,7 +35,7 @@ class reference_counting
   {
     if(d!=nullptr)
     {
-      assert(d->ref_count!=0);
+      PRECONDITION(d->ref_count != 0);
       d->ref_count++;
       #ifdef REFERENCE_COUNTING_DEBUG
       std::cout << "COPY " << d << " " << d->ref_count << '\n';
@@ -96,7 +98,7 @@ class reference_counting
 
   void copy_from(const reference_counting &other)
   {
-    assert(&other!=this); // check if we assign to ourselves
+    PRECONDITION(&other != this); // check if we assign to ourselves
 
     #ifdef REFERENCE_COUNTING_DEBUG
     std::cout << "COPY " << (&other) << "\n";
@@ -121,7 +123,7 @@ void reference_counting<T>::remove_ref(dt *old_d)
   if(old_d==nullptr)
     return;
 
-  assert(old_d->ref_count!=0);
+  PRECONDITION(old_d->ref_count != 0);
 
   #ifdef REFERENCE_COUNTING_DEBUG
   std::cout << "R: " << old_d << " " << old_d->ref_count << '\n';
@@ -172,7 +174,7 @@ void reference_counting<T>::detach()
     remove_ref(old_d);
   }
 
-  assert(d->ref_count==1);
+  POSTCONDITION(d->ref_count == 1);
 
   #ifdef REFERENCE_COUNTING_DEBUG
   std::cout << "DETACH2: " << d << '\n'

Original file line number	Diff line number	Diff line change
`@@ -80,24 +80,27 @@ const typet &namespace_baset::follow(const typet &src) const`
`80`	`80`	`const typet &namespace_baset::follow_tag(const union_tag_typet &src) const`
`81`	`81`	`{`
`82`	`82`	`const symbolt &symbol=lookup(src.get_identifier());`
`83`		`- assert(symbol.is_type);`
`84`		`- assert(symbol.type.id()==ID_union \|\| symbol.type.id()==ID_incomplete_union);`
	`83`	`+ CHECK_RETURN(symbol.is_type);`
	`84`	`+ CHECK_RETURN(`
	`85`	`+ symbol.type.id() == ID_union \|\| symbol.type.id() == ID_incomplete_union);`
`85`	`86`	`return symbol.type;`
`86`	`87`	`}`
`87`	`88`
`88`	`89`	`const typet &namespace_baset::follow_tag(const struct_tag_typet &src) const`
`89`	`90`	`{`
`90`	`91`	`const symbolt &symbol=lookup(src.get_identifier());`
`91`		`- assert(symbol.is_type);`
`92`		`- assert(symbol.type.id()==ID_struct \|\| symbol.type.id()==ID_incomplete_struct);`
	`92`	`+ CHECK_RETURN(symbol.is_type);`
	`93`	`+ CHECK_RETURN(`
	`94`	`+ symbol.type.id() == ID_struct \|\| symbol.type.id() == ID_incomplete_struct);`
`93`	`95`	`return symbol.type;`
`94`	`96`	`}`
`95`	`97`
`96`	`98`	`const typet &namespace_baset::follow_tag(const c_enum_tag_typet &src) const`
`97`	`99`	`{`
`98`	`100`	`const symbolt &symbol=lookup(src.get_identifier());`
`99`		`- assert(symbol.is_type);`
`100`		`- assert(symbol.type.id()==ID_c_enum \|\| symbol.type.id()==ID_incomplete_c_enum);`
	`101`	`+ CHECK_RETURN(symbol.is_type);`
	`102`	`+ CHECK_RETURN(`
	`103`	`+ symbol.type.id() == ID_c_enum \|\| symbol.type.id() == ID_incomplete_c_enum);`
`101`	`104`	`return symbol.type;`
`102`	`105`	`}`
`103`	`106`
Original file line number	Diff line number	Diff line change
`@@ -226,7 +226,7 @@ exprt object_lower_bound(`
`226`	`226`	`exprt p_offset=pointer_offset(pointer);`
`227`	`227`
`228`	`228`	`exprt zero=from_integer(0, p_offset.type());`
`229`		`- assert(zero.is_not_nil());`
	`229`	`+ CHECK_RETURN(zero.is_not_nil());`
`230`	`230`
`231`	`231`	`if(offset.is_not_nil())`
`232`	`232`	`{`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ Author: Daniel Kroening, kroening@kroening.com`
`10`	`10`	`/// Rational Numbers`
`11`	`11`
`12`	`12`	`#include "rational.h"`
	`13`	`+#include "invariant.h"`
`13`	`14`
`14`	`15`	`#include <algorithm>`
`15`	`16`	`#include <ostream>`
`@@ -48,7 +49,7 @@ rationalt &rationalt::operator*=(const rationalt &n)`
`48`	`49`
`49`	`50`	`rationalt &rationalt::operator/=(const rationalt &n)`
`50`	`51`	`{`
`51`		`- assert(!n.numerator.is_zero());`
	`52`	`+ PRECONDITION(!n.numerator.is_zero());`
`52`	`53`	`numerator*=n.denominator;`
`53`	`54`	`denominator*=n.numerator;`
`54`	`55`	`normalize();`
`@@ -90,7 +91,7 @@ void rationalt::same_denominator(rationalt &n)`
`90`	`91`
`91`	`92`	`void rationalt::invert()`
`92`	`93`	`{`
`93`		`- assert(numerator!=0);`
	`94`	`+ PRECONDITION(numerator != 0);`
`94`	`95`	`std::swap(numerator, denominator);`
`95`	`96`	`}`
`96`	`97`