Replace asserts and throws with INVARIANT etc.

John Nonweiler · NlightNFotis · commit ddd6d14d2136 · 2018-09-05T14:29:31.000+01:00
diff --git a/src/goto-symex/build_goto_trace.cpp b/src/goto-symex/build_goto_trace.cpp
@@ -92,7 +92,9 @@ exprt build_full_lhs_rec(
           id==ID_byte_extract_big_endian)
   {
     exprt tmp=src_original;
-    assert(tmp.operands().size()==2);
+    DATA_INVARIANT(
+      tmp.operands().size() == 2,
+      "byte_extract_exprt should have two operands.");
     tmp.op0()=build_full_lhs_rec(prop_conv, ns, tmp.op0(), src_ssa.op0());
 
     // re-write into big case-split
diff --git a/src/goto-symex/goto_symex_state.cpp b/src/goto-symex/goto_symex_state.cpp
@@ -187,8 +187,8 @@ bool goto_symex_statet::constant_propagation_reference(const exprt &expr) const
   }
   else if(expr.id()==ID_member)
   {
-    if(expr.operands().size()!=1)
-      throw "member expects one operand";
+    DATA_INVARIANT(
+      expr.operands().size() == 1, "member_exprt takes one operand.");
 
     return constant_propagation_reference(expr.op0());
   }
diff --git a/src/goto-symex/memory_model_pso.cpp b/src/goto-symex/memory_model_pso.cpp
@@ -30,8 +30,8 @@ bool memory_model_psot::program_order_is_relaxed(
   partial_order_concurrencyt::event_it e1,
   partial_order_concurrencyt::event_it e2) const
 {
-  assert(e1->is_shared_read() || e1->is_shared_write());
-  assert(e2->is_shared_read() || e2->is_shared_write());
+  PRECONDITION(e1->is_shared_read() || e1->is_shared_write());
+  PRECONDITION(e2->is_shared_read() || e2->is_shared_write());
 
   // no po relaxation within atomic sections
   if(e1->atomic_section_id!=0 &&
diff --git a/src/goto-symex/memory_model_sc.cpp b/src/goto-symex/memory_model_sc.cpp
@@ -36,8 +36,8 @@ bool memory_model_sct::program_order_is_relaxed(
   partial_order_concurrencyt::event_it e1,
   partial_order_concurrencyt::event_it e2) const
 {
-  assert(e1->is_shared_read() || e1->is_shared_write());
-  assert(e2->is_shared_read() || e2->is_shared_write());
+  PRECONDITION(e1->is_shared_read() || e1->is_shared_write());
+  PRECONDITION(e2->is_shared_read() || e2->is_shared_write());
 
   return false;
 }
diff --git a/src/goto-symex/memory_model_tso.cpp b/src/goto-symex/memory_model_tso.cpp
@@ -39,8 +39,8 @@ bool memory_model_tsot::program_order_is_relaxed(
   partial_order_concurrencyt::event_it e1,
   partial_order_concurrencyt::event_it e2) const
 {
-  assert(e1->is_shared_read() || e1->is_shared_write());
-  assert(e2->is_shared_read() || e2->is_shared_write());
+  PRECONDITION(e1->is_shared_read() || e1->is_shared_write());
+  PRECONDITION(e2->is_shared_read() || e2->is_shared_write());
 
   // no po relaxation within atomic sections
   if(e1->atomic_section_id!=0 &&
diff --git a/src/goto-symex/partial_order_concurrency.cpp b/src/goto-symex/partial_order_concurrency.cpp
@@ -143,7 +143,7 @@ symbol_exprt partial_order_concurrencyt::clock(
   axiomt axiom)
 {
   irep_idt identifier;
-  assert(!numbering.empty());
+  PRECONDITION(!numbering.empty());
 
   if(event->is_shared_write())
     identifier=rw_clock_id(event, axiom);
@@ -163,7 +163,7 @@ symbol_exprt partial_order_concurrencyt::clock(
 
 void partial_order_concurrencyt::build_clock_type()
 {
-  assert(!numbering.empty());
+  PRECONDITION(!numbering.empty());
 
   std::size_t width = address_bits(numbering.size());
   clock_type = unsignedbv_typet(width);
diff --git a/src/goto-symex/postcondition.cpp b/src/goto-symex/postcondition.cpp
@@ -76,20 +76,23 @@ bool postconditiont::is_used_address_of(
   }
   else if(expr.id()==ID_index)
   {
-    assert(expr.operands().size()==2);
+    DATA_INVARIANT(
+      expr.operands().size() == 2, "index_exprt takes two operands.");
 
     return
       is_used_address_of(expr.op0(), identifier) ||
       is_used(expr.op1(), identifier);
   }
   else if(expr.id()==ID_member)
   {
-    assert(expr.operands().size()==1);
+    DATA_INVARIANT(
+      expr.operands().size() == 1, "member_exprt takes one operand.");
     return is_used_address_of(expr.op0(), identifier);
   }
   else if(expr.id()==ID_dereference)
   {
-    assert(expr.operands().size()==1);
+    DATA_INVARIANT(
+      expr.operands().size() == 1, "dereference_exprt takes one operand.");
     return is_used(expr.op0(), identifier);
   }
 
@@ -155,7 +158,8 @@ bool postconditiont::is_used(
   if(expr.id()==ID_address_of)
   {
     // only do index!
-    assert(expr.operands().size()==1);
+    DATA_INVARIANT(
+      expr.operands().size() == 1, "address_of_exprt takes one operand.");
     return is_used_address_of(expr.op0(), identifier);
   }
   else if(expr.id()==ID_symbol &&
@@ -169,7 +173,8 @@ bool postconditiont::is_used(
   }
   else if(expr.id()==ID_dereference)
   {
-    assert(expr.operands().size()==1);
+    DATA_INVARIANT(
+      expr.operands().size() == 1, "dereference_exprt takes one operand.");
 
     // aliasing may happen here
 
diff --git a/src/goto-symex/precondition.cpp b/src/goto-symex/precondition.cpp
@@ -78,18 +78,21 @@ void preconditiont::compute_address_of(exprt &dest)
   }
   else if(dest.id()==ID_index)
   {
-    assert(dest.operands().size()==2);
+    DATA_INVARIANT(
+      dest.operands().size() == 2, "index_exprt takes two operands.");
     compute_address_of(dest.op0());
     compute(dest.op1());
   }
   else if(dest.id()==ID_member)
   {
-    assert(dest.operands().size()==1);
+    DATA_INVARIANT(
+      dest.operands().size() == 1, "member_exprt takes one operand.");
     compute_address_of(dest.op0());
   }
   else if(dest.id()==ID_dereference)
   {
-    assert(dest.operands().size()==1);
+    DATA_INVARIANT(
+      dest.operands().size() == 1, "dereference_exprt takes one operand.");
     compute(dest.op0());
   }
 }
@@ -104,12 +107,14 @@ void preconditiont::compute_rec(exprt &dest)
   if(dest.id()==ID_address_of)
   {
     // only do index!
-    assert(dest.operands().size()==1);
+    DATA_INVARIANT(
+      dest.operands().size() == 1, "address_of_exprt takes one operand.");
     compute_address_of(dest.op0());
   }
   else if(dest.id()==ID_dereference)
   {
-    assert(dest.operands().size()==1);
+    DATA_INVARIANT(
+      dest.operands().size() == 1, "dereference_exprt takes one operand.");
 
     const irep_idt &lhs_identifier=SSA_step.ssa_lhs.get_object_name();
 
diff --git a/src/goto-symex/slice.cpp b/src/goto-symex/slice.cpp
@@ -112,7 +112,7 @@ void symex_slicet::slice(symex_target_equationt::SSA_stept &SSA_step)
 void symex_slicet::slice_assignment(
   symex_target_equationt::SSA_stept &SSA_step)
 {
-  assert(SSA_step.ssa_lhs.id()==ID_symbol);
+  PRECONDITION(SSA_step.ssa_lhs.id() == ID_symbol);
   const irep_idt &id=SSA_step.ssa_lhs.get_identifier();
 
   if(depends.find(id)==depends.end())
@@ -127,7 +127,7 @@ void symex_slicet::slice_assignment(
 void symex_slicet::slice_decl(
   symex_target_equationt::SSA_stept &SSA_step)
 {
-  assert(SSA_step.ssa_lhs.id()==ID_symbol);
+  PRECONDITION(SSA_step.ssa_lhs.id() == ID_symbol);
   const irep_idt &id=SSA_step.ssa_lhs.get_identifier();
 
   if(depends.find(id)==depends.end())
diff --git a/src/goto-symex/symex_assign.cpp b/src/goto-symex/symex_assign.cpp
@@ -91,7 +91,7 @@ exprt goto_symext::add_to_lhs(
   const exprt &lhs,
   const exprt &what)
 {
-  assert(lhs.id()!=ID_symbol);
+  PRECONDITION(lhs.id() != ID_symbol);
   exprt tmp_what=what;
 
   if(tmp_what.id()!=ID_symbol)
@@ -172,7 +172,9 @@ void goto_symext::symex_assign_rec(
           lhs.id()==ID_complex_imag)
   {
     // this is stuff like __real__ x = 1;
-    assert(lhs.operands().size()==1);
+    DATA_INVARIANT(
+      lhs.operands().size() == 1,
+      "exprts with id ID_complex_real or ID_complex_imag take one operand.");
 
     exprt new_rhs=exprt(ID_complex, lhs.op0().type());
     new_rhs.operands().resize(2);
@@ -283,7 +285,7 @@ void goto_symext::symex_assign_typecast(
 {
   // these may come from dereferencing on the lhs
 
-  assert(lhs.operands().size()==1);
+  PRECONDITION(lhs.operands().size() == 1);
 
   exprt rhs_typecasted=rhs;
   rhs_typecasted.make_typecast(lhs.op0().type());
@@ -305,9 +307,7 @@ void goto_symext::symex_assign_array(
   // lhs must be index operand
   // that takes two operands: the first must be an array
   // the second is the index
-
-  if(lhs.operands().size()!=2)
-    throw "index must have two operands";
+  DATA_INVARIANT(lhs.operands().size() == 2, "index_exprt takes two operands");
 
   const exprt &lhs_array=lhs.array();
   const exprt &lhs_index=lhs.index();
@@ -368,7 +368,8 @@ void goto_symext::symex_assign_struct_member(
   // typecasts involved? C++ does that for inheritance.
   if(lhs_struct.id()==ID_typecast)
   {
-    assert(lhs_struct.operands().size()==1);
+    DATA_INVARIANT(
+      lhs_struct.operands().size() == 1, "typecast_exprt takes one operand.");
 
     if(lhs_struct.op0().id() == ID_null_object)
     {

Original file line number	Diff line number	Diff line change
`@@ -187,8 +187,8 @@ bool goto_symex_statet::constant_propagation_reference(const exprt &expr) const`
`187`	`187`	`}`
`188`	`188`	`else if(expr.id()==ID_member)`
`189`	`189`	`{`
`190`		`- if(expr.operands().size()!=1)`
`191`		`- throw "member expects one operand";`
	`190`	`+ DATA_INVARIANT(`
	`191`	`+ expr.operands().size() == 1, "member_exprt takes one operand.");`
`192`	`192`
`193`	`193`	`return constant_propagation_reference(expr.op0());`
`194`	`194`	`}`
Original file line number	Diff line number	Diff line change
`@@ -36,8 +36,8 @@ bool memory_model_sct::program_order_is_relaxed(`
`36`	`36`	`partial_order_concurrencyt::event_it e1,`
`37`	`37`	`partial_order_concurrencyt::event_it e2) const`
`38`	`38`	`{`
`39`		`- assert(e1->is_shared_read() \|\| e1->is_shared_write());`
`40`		`- assert(e2->is_shared_read() \|\| e2->is_shared_write());`
	`39`	`+ PRECONDITION(e1->is_shared_read() \|\| e1->is_shared_write());`
	`40`	`+ PRECONDITION(e2->is_shared_read() \|\| e2->is_shared_write());`
`41`	`41`
`42`	`42`	`return false;`
`43`	`43`	`}`
Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ symbol_exprt partial_order_concurrencyt::clock(`
`143`	`143`	`axiomt axiom)`
`144`	`144`	`{`
`145`	`145`	`irep_idt identifier;`
`146`		`- assert(!numbering.empty());`
	`146`	`+ PRECONDITION(!numbering.empty());`
`147`	`147`
`148`	`148`	`if(event->is_shared_write())`
`149`	`149`	`identifier=rw_clock_id(event, axiom);`
`@@ -163,7 +163,7 @@ symbol_exprt partial_order_concurrencyt::clock(`
`163`	`163`
`164`	`164`	`void partial_order_concurrencyt::build_clock_type()`
`165`	`165`	`{`
`166`		`- assert(!numbering.empty());`
	`166`	`+ PRECONDITION(!numbering.empty());`
`167`	`167`
`168`	`168`	`std::size_t width = address_bits(numbering.size());`
`169`	`169`	`clock_type = unsignedbv_typet(width);`
Original file line number	Diff line number	Diff line change
`@@ -76,20 +76,23 @@ bool postconditiont::is_used_address_of(`
`76`	`76`	`}`
`77`	`77`	`else if(expr.id()==ID_index)`
`78`	`78`	`{`
`79`		`- assert(expr.operands().size()==2);`
	`79`	`+ DATA_INVARIANT(`
	`80`	`+ expr.operands().size() == 2, "index_exprt takes two operands.");`
`80`	`81`
`81`	`82`	`return`
`82`	`83`	`is_used_address_of(expr.op0(), identifier) \|\|`
`83`	`84`	`is_used(expr.op1(), identifier);`
`84`	`85`	`}`
`85`	`86`	`else if(expr.id()==ID_member)`
`86`	`87`	`{`
`87`		`- assert(expr.operands().size()==1);`
	`88`	`+ DATA_INVARIANT(`
	`89`	`+ expr.operands().size() == 1, "member_exprt takes one operand.");`
`88`	`90`	`return is_used_address_of(expr.op0(), identifier);`
`89`	`91`	`}`
`90`	`92`	`else if(expr.id()==ID_dereference)`
`91`	`93`	`{`
`92`		`- assert(expr.operands().size()==1);`
	`94`	`+ DATA_INVARIANT(`
	`95`	`+ expr.operands().size() == 1, "dereference_exprt takes one operand.");`
`93`	`96`	`return is_used(expr.op0(), identifier);`
`94`	`97`	`}`
`95`	`98`
`@@ -155,7 +158,8 @@ bool postconditiont::is_used(`
`155`	`158`	`if(expr.id()==ID_address_of)`
`156`	`159`	`{`
`157`	`160`	`// only do index!`
`158`		`- assert(expr.operands().size()==1);`
	`161`	`+ DATA_INVARIANT(`
	`162`	`+ expr.operands().size() == 1, "address_of_exprt takes one operand.");`
`159`	`163`	`return is_used_address_of(expr.op0(), identifier);`
`160`	`164`	`}`
`161`	`165`	`else if(expr.id()==ID_symbol &&`
`@@ -169,7 +173,8 @@ bool postconditiont::is_used(`
`169`	`173`	`}`
`170`	`174`	`else if(expr.id()==ID_dereference)`
`171`	`175`	`{`
`172`		`- assert(expr.operands().size()==1);`
	`176`	`+ DATA_INVARIANT(`
	`177`	`+ expr.operands().size() == 1, "dereference_exprt takes one operand.");`
`173`	`178`
`174`	`179`	`// aliasing may happen here`
`175`	`180`
Original file line number	Diff line number	Diff line change
`@@ -78,18 +78,21 @@ void preconditiont::compute_address_of(exprt &dest)`
`78`	`78`	`}`
`79`	`79`	`else if(dest.id()==ID_index)`
`80`	`80`	`{`
`81`		`- assert(dest.operands().size()==2);`
	`81`	`+ DATA_INVARIANT(`
	`82`	`+ dest.operands().size() == 2, "index_exprt takes two operands.");`
`82`	`83`	`compute_address_of(dest.op0());`
`83`	`84`	`compute(dest.op1());`
`84`	`85`	`}`
`85`	`86`	`else if(dest.id()==ID_member)`
`86`	`87`	`{`
`87`		`- assert(dest.operands().size()==1);`
	`88`	`+ DATA_INVARIANT(`
	`89`	`+ dest.operands().size() == 1, "member_exprt takes one operand.");`
`88`	`90`	`compute_address_of(dest.op0());`
`89`	`91`	`}`
`90`	`92`	`else if(dest.id()==ID_dereference)`
`91`	`93`	`{`
`92`		`- assert(dest.operands().size()==1);`
	`94`	`+ DATA_INVARIANT(`
	`95`	`+ dest.operands().size() == 1, "dereference_exprt takes one operand.");`
`93`	`96`	`compute(dest.op0());`
`94`	`97`	`}`
`95`	`98`	`}`
`@@ -104,12 +107,14 @@ void preconditiont::compute_rec(exprt &dest)`
`104`	`107`	`if(dest.id()==ID_address_of)`
`105`	`108`	`{`
`106`	`109`	`// only do index!`
`107`		`- assert(dest.operands().size()==1);`
	`110`	`+ DATA_INVARIANT(`
	`111`	`+ dest.operands().size() == 1, "address_of_exprt takes one operand.");`
`108`	`112`	`compute_address_of(dest.op0());`
`109`	`113`	`}`
`110`	`114`	`else if(dest.id()==ID_dereference)`
`111`	`115`	`{`
`112`		`- assert(dest.operands().size()==1);`
	`116`	`+ DATA_INVARIANT(`
	`117`	`+ dest.operands().size() == 1, "dereference_exprt takes one operand.");`
`113`	`118`
`114`	`119`	`const irep_idt &lhs_identifier=SSA_step.ssa_lhs.get_object_name();`
`115`	`120`