Add conversion for rol and ror operators to c output

[TGWDB]

This adds conversion for the rol and ror operators from CBMC
internals into C code. This is done by bit-twiddling the values
to achieve the outcome.

Fixes #6241

• Each commit message has a non-empty body, explaining why the change was made.
• Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[codecov]

Codecov Report

Merging #6253 (4763289) into develop (3a2de48) will increase coverage by 0.01%.
The diff coverage is 96.22%.

@@             Coverage Diff             @@
##           develop    #6253      +/-   ##
===========================================
+ Coverage    76.16%   76.18%   +0.01%     
===========================================
  Files         1484     1485       +1     
  Lines       162164   162217      +53     
===========================================
+ Hits        123516   123579      +63     
+ Misses       38648    38638      -10     

Impacted Files	Coverage Δ
src/ansi-c/expr2c_class.h	100.00% <ø> (ø)
src/ansi-c/expr2c.cpp	65.32% <92.00%> (+0.37%)	⬆️
unit/ansi-c/expr2c.cpp	100.00% <100.00%> (ø)
.../goto-instrument/goto_instrument_parse_options.cpp	68.25% <0.00%> (+0.23%)	⬆️
src/util/config.cpp	56.29% <0.00%> (+0.86%)	⬆️
src/util/message.cpp	83.92% <0.00%> (+5.35%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 932d41d...4763289. Read the comment docs.

[martin-cs]

What if n is greater than bit width?

[martin-cs]

Also note the cases when shift can give undefined behaviour.

[TGWDB]

This is done with modulo now.

[thomasspriggs]

It is good that we have a fix for the issue and that we have both regression and unit tests. However I think there are some issues which should be addressed for the sake of maintainability. The issues which I think really need to be addressed before we merge are marked with 🚫 Hopefully having the tests should make it easy to check the refactorings are sound as you address the issues.

[thomasspriggs]

🚫 This duplicated code will make maintenance more difficult. I suggest deduplicating it by parameterising the new function I suggested in my previous comment.
💡 I suggest creating a single use left_or_rightt enum class with left and right values to use as the type of the left_or_right parameter of the new function. This could alternatively be done without using a new enum with something like bool is_right, with true = right and false = left. But I think the enum would make for more self explanatory code.

[thomasspriggs]

I now consider this to be sorted.

[thomasspriggs]

⛏️ This and all other variables in this new code which are not mutated should be declared const.

[thomasspriggs]

🚫 Use bitvector_typet::get_width() instead of get_size_t("width"). By using get_size_t you are directly accessing the underlying data structure of the type. Fixing the accessibility to underlying irept would be a non-trivial refactor, but we should still use the well defined external interface where possible.

[thomasspriggs]

⛏️ What is ws supposed to be short for? Reminder - the coding standards state that we should "Avoid abbreviations".

[thomasspriggs]

This looks to be sorted, with the exception of the unreachable code.

[thomasspriggs]

⛏️ I suggest renaming bin_expr to rotate_expr, because at this point bin_expr can only be a rotate expression, even if the type only specifies that it is a binary_exprt.

[thomasspriggs]

⛏️ I suggest swapping out to_binary_expr(src) with expr_checked_cast<shift_exprt>(src). That way we are using a more specific type of expression and we are using the checks which are defined alongside that expression.

[thomasspriggs]

⛏️ I suggest renaming op1 to distance.

[thomasspriggs]

⛏️ Use .distance() of shift_exprt instead of .op1(), because this is the specifically named getter for this data member.

[thomasspriggs]

⛏️ Use .op() of shift_exprt rather than op0(), because this is the specifically named getter for this data member.

[thomasspriggs]

⛏️ Duplicated extraction of getting the width from op0. It should be possible to move the previous getting of the width out of the if statement and reuse it. We can expect the type to be a bitvector_typet whether or not it is signed. So extracting the width can be - const size_t width = type_checked_cast<bitvector_typet>(op0.type()).get_width();

[thomasspriggs]

⛏️ I suggest creating a new variable named distance_modulo_width instead, in order to better specify what this is and in order to avoid mutating.

[chrisr-diffblue]

Mostly looks OK, though I think @thomasspriggs has some blocking review comments that it would be good to resolve. Also, how cross-platform/cross-architecture/cross endian is this work? In particular, are we confident this works on, say ARM architecture where its switchable big/little endian? I think cbmc has --little-endian and --big-endian options.

[chrisr-diffblue]

I don't think this is actually the complement expression, is the complement width expression ?

[TGWDB]

Fixed

[chrisr-diffblue]

Personal preference here :-) But for tests used for bit-twiddling operations, I'd be rather tempted to use hex representations of the various immediate constants in tests like this. Might just be my background, but I find that easier to mentally model, rather than also adding a decimal->hex->binary mental translation :-)

[chrisr-diffblue]

Might be worth a comment explaining why this is necessary?

[TGWDB]

Done

[tautschnig]

In keeping with other functions I'd prefer for convert_rox to take a shift_exprt as first argument and to_shift_expr being used at the call site.

[tautschnig]

I think you should just give up in that else case. You might well get back a nil irep, which will make the from_integer fail. You're trying to be very kind, but I don't think you're doing the user any favour.

[thomasspriggs]

Agreed. I'd just put an UNREACHABLE here. I think the comments from codecov suggest that it is in fact unreachable with the way it is currently used.

[thomasspriggs]

My blocking comments have been addressed. Therefore I am going to approve this PR.

[thomasspriggs]

⛏️ These changes appear to have been squashed into the wrong commit.

[TGWDB]

Fixed.