Fix out-of-bounds read in MC/DC coverage eval_expr

[tautschnig]

The eval_expr function in cover_instrument_mcdc.cpp dereferences the result of std::map::find() without checking for end(). This happens when values_of_atomic_exprs skips inconsistent expressions (where signs.size() != 1), leaving them absent from the map. When eval_expr later encounters such an expression, find() returns end() and the dereference is undefined behavior (stack-buffer-overflow detected by AddressSanitizer).

Fix by checking the iterator before dereferencing.

• Each commit message has a non-empty body, explaining why the change was made.
• n/a Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• n/a The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• n/a My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[Copilot]

Pull request overview

This PR fixes an undefined behavior (out-of-bounds read / stack-buffer-overflow) in the MC/DC coverage instrumentation. The eval_expr function dereferences the result of std::map::find() without checking whether the key was found. This can happen when values_of_atomic_exprs skips inconsistent expressions (where signs.size() != 1), leaving them absent from the map.

Changes:

• Added an iterator validity check (it != atomic_exprs.end()) before dereferencing the find() result in eval_expr, treating missing entries as false.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.00%. Comparing base (7a4df92) to head (6fb1565).
⚠️ Report is 2 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #8862      +/-   ##
===========================================
- Coverage    80.01%   80.00%   -0.01%     
===========================================
  Files         1703     1703              
  Lines       188396   188397       +1     
  Branches        73       73              
===========================================
- Hits        150738   150736       -2     
- Misses       37658    37661       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.