From 6032e0e18c1fd4c29874e3cd88475555bfc42fb2 Mon Sep 17 00:00:00 2001 From: Michael Tautschnig Date: Tue, 2 Mar 2021 13:41:34 +0000 Subject: [PATCH 1/3] Replace "bounds_check" by ID_C_bounds_check Replaces the hard-coded string by a dstringt to avoid typos, and also changes it to a comment: the annotation (communicating from the front-end to goto_checkt) does not change the semantics of the expression that has been annotated. --- src/analyses/goto_check.cpp | 7 +++++-- src/ansi-c/ansi_c_entry_point.cpp | 6 +++--- src/goto-programs/string_abstraction.cpp | 2 +- src/util/irep_ids.def | 2 ++ 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/src/analyses/goto_check.cpp b/src/analyses/goto_check.cpp index 3c420a666dc..206c130b896 100644 --- a/src/analyses/goto_check.cpp +++ b/src/analyses/goto_check.cpp @@ -1328,9 +1328,12 @@ void goto_checkt::bounds_check( if(!enable_bounds_check) return; - if(expr.find("bounds_check").is_not_nil() && - !expr.get_bool("bounds_check")) + if( + expr.find(ID_C_bounds_check).is_not_nil() && + !expr.get_bool(ID_C_bounds_check)) + { return; + } typet array_type = expr.array().type(); diff --git a/src/ansi-c/ansi_c_entry_point.cpp b/src/ansi-c/ansi_c_entry_point.cpp index ea8aab65959..daee4dca66a 100644 --- a/src/ansi-c/ansi_c_entry_point.cpp +++ b/src/ansi-c/ansi_c_entry_point.cpp @@ -407,7 +407,7 @@ bool generate_ansi_c_start_function( argv_symbol.symbol_expr(), argc_symbol.symbol_expr()); // disable bounds check on that one - index_expr.set("bounds_check", false); + index_expr.set(ID_C_bounds_check, false); init_code.add(code_assignt(index_expr, null)); } @@ -423,7 +423,7 @@ bool generate_ansi_c_start_function( index_exprt index_expr( envp_symbol.symbol_expr(), envp_size_symbol.symbol_expr()); // disable bounds check on that one - index_expr.set("bounds_check", false); + index_expr.set(ID_C_bounds_check, false); equal_exprt is_null(std::move(index_expr), std::move(null)); @@ -449,7 +449,7 @@ bool generate_ansi_c_start_function( argv_symbol.symbol_expr(), from_integer(0, index_type())); // disable bounds check on that one - index_expr.set("bounds_check", false); + index_expr.set(ID_C_bounds_check, false); const pointer_typet &pointer_type = to_pointer_type(parameters[1].type()); diff --git a/src/goto-programs/string_abstraction.cpp b/src/goto-programs/string_abstraction.cpp index 6cb872cf5c5..f2d78335cb3 100644 --- a/src/goto-programs/string_abstraction.cpp +++ b/src/goto-programs/string_abstraction.cpp @@ -570,7 +570,7 @@ void string_abstractiont::abstract_function_call( index_exprt idx(str_args.back(), from_integer(0, index_type())); // disable bounds check on that one - idx.set("bounds_check", false); + idx.set(ID_C_bounds_check, false); str_args.back()=address_of_exprt(idx); } diff --git a/src/util/irep_ids.def b/src/util/irep_ids.def index 9f81159e515..4493e83d4da 100644 --- a/src/util/irep_ids.def +++ b/src/util/irep_ids.def @@ -841,6 +841,8 @@ IREP_ID_ONE(statement_list_instructions) IREP_ID_ONE(max) IREP_ID_ONE(min) IREP_ID_ONE(constant_interval) +IREP_ID_TWO(C_bounds_check, #bounds_check) +IREP_ID_ONE(count_leading_zeros) // Projects depending on this code base that wish to extend the list of // available ids should provide a file local_irep_ids.def in their source tree From 2f560d0e3915f551c943efbc209738c816335446 Mon Sep 17 00:00:00 2001 From: Michael Tautschnig Date: Wed, 10 Mar 2021 16:05:09 +0000 Subject: [PATCH 2/3] Make lower_popcount a method of popcount_exprt Expression lowering may be useful well outside the solvers/ context. Making it a method of the class being lowered also serves as a way of describing the semantics of the expression. This is mainly a refactoring, no changes in behaviour are intended. --- scripts/expected_doxygen_warnings.txt | 6 +-- src/solvers/Makefile | 1 - src/solvers/flattening/boolbv.cpp | 3 +- src/solvers/lowering/expr_lowering.h | 7 --- src/solvers/lowering/popcount.cpp | 61 --------------------------- src/solvers/smt2/smt2_conv.cpp | 4 +- src/util/bitvector_expr.cpp | 47 +++++++++++++++++++++ src/util/bitvector_expr.h | 4 ++ 8 files changed, 58 insertions(+), 75 deletions(-) delete mode 100644 src/solvers/lowering/popcount.cpp diff --git a/scripts/expected_doxygen_warnings.txt b/scripts/expected_doxygen_warnings.txt index abea5a1e46c..4d4dc4d03bd 100644 --- a/scripts/expected_doxygen_warnings.txt +++ b/scripts/expected_doxygen_warnings.txt @@ -21,19 +21,19 @@ warning: Include graph for 'goto_instrument_parse_options.cpp' not generated, too many nodes (97), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'goto_functions.h' not generated, too many nodes (66), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'goto_model.h' not generated, too many nodes (110), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. -warning: Included by graph for 'arith_tools.h' not generated, too many nodes (182), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. +warning: Included by graph for 'arith_tools.h' not generated, too many nodes (181), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'c_types.h' not generated, too many nodes (110), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'config.h' not generated, too many nodes (87), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'exception_utils.h' not generated, too many nodes (61), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'expr.h' not generated, too many nodes (87), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'expr_util.h' not generated, too many nodes (61), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. -warning: Included by graph for 'invariant.h' not generated, too many nodes (187), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. +warning: Included by graph for 'invariant.h' not generated, too many nodes (186), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'irep.h' not generated, too many nodes (62), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'message.h' not generated, too many nodes (117), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'namespace.h' not generated, too many nodes (109), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'pointer_expr.h' not generated, too many nodes (117), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'prefix.h' not generated, too many nodes (85), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. -warning: Included by graph for 'simplify_expr.h' not generated, too many nodes (77), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. +warning: Included by graph for 'simplify_expr.h' not generated, too many nodes (79), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'std_code.h' not generated, too many nodes (78), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'std_expr.h' not generated, too many nodes (241), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. warning: Included by graph for 'std_types.h' not generated, too many nodes (102), threshold is 60. Consider increasing DOT_GRAPH_MAX_NODES. diff --git a/src/solvers/Makefile b/src/solvers/Makefile index 1b70e5960b7..c8569eb084f 100644 --- a/src/solvers/Makefile +++ b/src/solvers/Makefile @@ -141,7 +141,6 @@ SRC = $(BOOLEFORCE_SRC) \ floatbv/float_approximation.cpp \ lowering/byte_operators.cpp \ lowering/functions.cpp \ - lowering/popcount.cpp \ bdd/miniBDD/miniBDD.cpp \ prop/bdd_expr.cpp \ prop/cover_goals.cpp \ diff --git a/src/solvers/flattening/boolbv.cpp b/src/solvers/flattening/boolbv.cpp index 589444ac17b..407569e64da 100644 --- a/src/solvers/flattening/boolbv.cpp +++ b/src/solvers/flattening/boolbv.cpp @@ -19,6 +19,7 @@ Author: Daniel Kroening, kroening@kroening.com #include #include #include +#include #include #include #include @@ -227,7 +228,7 @@ bvt boolbvt::convert_bitvector(const exprt &expr) else if(expr.id()==ID_power) return convert_power(to_binary_expr(expr)); else if(expr.id() == ID_popcount) - return convert_bv(lower_popcount(to_popcount_expr(expr), ns)); + return convert_bv(simplify_expr(to_popcount_expr(expr).lower(), ns)); return conversion_failed(expr); } diff --git a/src/solvers/lowering/expr_lowering.h b/src/solvers/lowering/expr_lowering.h index bcd82263916..1ee186bedbf 100644 --- a/src/solvers/lowering/expr_lowering.h +++ b/src/solvers/lowering/expr_lowering.h @@ -14,7 +14,6 @@ Author: Michael Tautschnig class byte_extract_exprt; class byte_update_exprt; class namespacet; -class popcount_exprt; /// Rewrite a byte extract expression to more fundamental operations. /// \param src: Byte extract expression @@ -44,10 +43,4 @@ exprt lower_byte_operators(const exprt &src, const namespacet &ns); bool has_byte_operator(const exprt &src); -/// Lower a popcount_exprt to arithmetic and logic expressions -/// \param expr: Input expression to be translated -/// \param ns: Namespace for type lookups -/// \return Semantically equivalent expression -exprt lower_popcount(const popcount_exprt &expr, const namespacet &ns); - #endif /* CPROVER_SOLVERS_LOWERING_EXPR_LOWERING_H */ diff --git a/src/solvers/lowering/popcount.cpp b/src/solvers/lowering/popcount.cpp deleted file mode 100644 index 0cb340af3ae..00000000000 --- a/src/solvers/lowering/popcount.cpp +++ /dev/null @@ -1,61 +0,0 @@ -/*******************************************************************\ - -Module: Lowering of popcount - -Author: Michael Tautschnig - -\*******************************************************************/ - -#include "expr_lowering.h" - -#include -#include -#include -#include -#include - -exprt lower_popcount(const popcount_exprt &expr, const namespacet &ns) -{ - // Hacker's Delight, variant pop0: - // x = (x & 0x55555555) + ((x >> 1) & 0x55555555); - // x = (x & 0x33333333) + ((x >> 2) & 0x33333333); - // x = (x & 0x0F0F0F0F) + ((x >> 4) & 0x0F0F0F0F); - // x = (x & 0x00FF00FF) + ((x >> 8) & 0x00FF00FF); - // etc. - // return x; - // http://www.hackersdelight.org/permissions.htm - - // make sure the operand width is a power of two - exprt x = expr.op(); - const auto x_width = pointer_offset_bits(x.type(), ns); - CHECK_RETURN(x_width.has_value() && *x_width >= 1); - const std::size_t bits = address_bits(*x_width); - const std::size_t new_width = numeric_cast_v(power(2, bits)); - - const bool need_typecast = - new_width > *x_width || x.type().id() != ID_unsignedbv; - - if(need_typecast) - x = typecast_exprt(x, unsignedbv_typet(new_width)); - - // repeatedly compute x = (x & bitmask) + ((x >> shift) & bitmask) - for(std::size_t shift = 1; shift < new_width; shift <<= 1) - { - // x >> shift - lshr_exprt shifted_x( - x, from_integer(shift, unsignedbv_typet(address_bits(shift) + 1))); - // bitmask is a string of alternating shift-many bits starting from lsb set - // to 1 - std::string bitstring; - bitstring.reserve(new_width); - for(std::size_t i = 0; i < new_width / (2 * shift); ++i) - bitstring += std::string(shift, '0') + std::string(shift, '1'); - const mp_integer value = binary2integer(bitstring, false); - const constant_exprt bitmask(integer2bvrep(value, new_width), x.type()); - // build the expression - x = plus_exprt(bitand_exprt(x, bitmask), bitand_exprt(shifted_x, bitmask)); - } - - // the result is restricted to the result type - return typecast_exprt(x, expr.type()); -} diff --git a/src/solvers/smt2/smt2_conv.cpp b/src/solvers/smt2/smt2_conv.cpp index fbbf83dfdaf..b9a36d9660c 100644 --- a/src/solvers/smt2/smt2_conv.cpp +++ b/src/solvers/smt2/smt2_conv.cpp @@ -25,6 +25,7 @@ Author: Daniel Kroening, kroening@kroening.com #include #include #include +#include #include #include #include @@ -1984,8 +1985,7 @@ void smt2_convt::convert_expr(const exprt &expr) } else if(expr.id() == ID_popcount) { - exprt lowered = lower_popcount(to_popcount_expr(expr), ns); - convert_expr(lowered); + convert_expr(simplify_expr(to_popcount_expr(expr).lower(), ns)); } else INVARIANT_WITH_DIAGNOSTICS( diff --git a/src/util/bitvector_expr.cpp b/src/util/bitvector_expr.cpp index 76d1e71eaf4..1d9ab256d4d 100644 --- a/src/util/bitvector_expr.cpp +++ b/src/util/bitvector_expr.cpp @@ -9,6 +9,7 @@ Author: Daniel Kroening, kroening@kroening.com #include "bitvector_expr.h" #include "arith_tools.h" +#include "bitvector_types.h" #include "mathematical_types.h" shift_exprt::shift_exprt( @@ -40,3 +41,49 @@ extractbits_exprt::extractbits_exprt( from_integer(_upper, integer_typet()), from_integer(_lower, integer_typet())); } + +exprt popcount_exprt::lower() const +{ + // Hacker's Delight, variant pop0: + // x = (x & 0x55555555) + ((x >> 1) & 0x55555555); + // x = (x & 0x33333333) + ((x >> 2) & 0x33333333); + // x = (x & 0x0F0F0F0F) + ((x >> 4) & 0x0F0F0F0F); + // x = (x & 0x00FF00FF) + ((x >> 8) & 0x00FF00FF); + // etc. + // return x; + // http://www.hackersdelight.org/permissions.htm + + // make sure the operand width is a power of two + exprt x = op(); + const auto x_width = to_bitvector_type(x.type()).get_width(); + CHECK_RETURN(x_width >= 1); + const std::size_t bits = address_bits(x_width); + const std::size_t new_width = numeric_cast_v(power(2, bits)); + + const bool need_typecast = + new_width > x_width || x.type().id() != ID_unsignedbv; + + if(need_typecast) + x = typecast_exprt(x, unsignedbv_typet(new_width)); + + // repeatedly compute x = (x & bitmask) + ((x >> shift) & bitmask) + for(std::size_t shift = 1; shift < new_width; shift <<= 1) + { + // x >> shift + lshr_exprt shifted_x( + x, from_integer(shift, unsignedbv_typet(address_bits(shift) + 1))); + // bitmask is a string of alternating shift-many bits starting from lsb set + // to 1 + std::string bitstring; + bitstring.reserve(new_width); + for(std::size_t i = 0; i < new_width / (2 * shift); ++i) + bitstring += std::string(shift, '0') + std::string(shift, '1'); + const mp_integer value = binary2integer(bitstring, false); + const constant_exprt bitmask(integer2bvrep(value, new_width), x.type()); + // build the expression + x = plus_exprt(bitand_exprt(x, bitmask), bitand_exprt(shifted_x, bitmask)); + } + + // the result is restricted to the result type + return typecast_exprt::conditional_cast(x, type()); +} diff --git a/src/util/bitvector_expr.h b/src/util/bitvector_expr.h index 243be4c92e0..61510f3bf3e 100644 --- a/src/util/bitvector_expr.h +++ b/src/util/bitvector_expr.h @@ -641,6 +641,10 @@ class popcount_exprt : public unary_exprt : unary_exprt(ID_popcount, _op, _op.type()) { } + + /// Lower a popcount_exprt to arithmetic and logic expressions. + /// \return Semantically equivalent expression + exprt lower() const; }; template <> From 7409997f85318dc5279d1bd813b98ba983c38b44 Mon Sep 17 00:00:00 2001 From: Michael Tautschnig Date: Mon, 1 Mar 2021 22:37:52 +0000 Subject: [PATCH 3/3] New expression: count_leading_zeros_exprt Rather than ad-hoc handling __builtin_clz and __lzcnt (and their variants) in the C front-end, make counting-leading-zeros available across the code base. --- regression/ansi-c/__builtin_clz-02/main.c | 10 ++ .../__builtin_clz-02/test.desc | 0 .../cbmc-library/__builtin_clz-02/main.c | 12 --- .../__builtin_clz-01/main.c | 4 + regression/cbmc/__builtin_clz-01/test.desc | 10 ++ src/analyses/goto_check.cpp | 37 +++++++- src/ansi-c/c_typecheck_expr.cpp | 25 ++--- src/ansi-c/expr2c.cpp | 3 + src/ansi-c/library/gcc.c | 58 ------------ src/ansi-c/library/windows.c | 43 --------- src/solvers/flattening/boolbv.cpp | 5 + src/solvers/smt2/smt2_conv.cpp | 4 + src/util/bitvector_expr.cpp | 38 ++++++++ src/util/bitvector_expr.h | 93 +++++++++++++++++++ src/util/format_expr.cpp | 2 + src/util/simplify_expr.cpp | 28 ++++++ src/util/simplify_expr_class.h | 4 + 17 files changed, 239 insertions(+), 137 deletions(-) create mode 100644 regression/ansi-c/__builtin_clz-02/main.c rename regression/{cbmc-library => ansi-c}/__builtin_clz-02/test.desc (100%) delete mode 100644 regression/cbmc-library/__builtin_clz-02/main.c rename regression/{cbmc-library => cbmc}/__builtin_clz-01/main.c (90%) create mode 100644 regression/cbmc/__builtin_clz-01/test.desc diff --git a/regression/ansi-c/__builtin_clz-02/main.c b/regression/ansi-c/__builtin_clz-02/main.c new file mode 100644 index 00000000000..af8b5e06167 --- /dev/null +++ b/regression/ansi-c/__builtin_clz-02/main.c @@ -0,0 +1,10 @@ +int main() +{ +#ifdef __GNUC__ + _Static_assert( + __builtin_clz(0xffU) == 8 * sizeof(unsigned) - 8, + "GCC/Clang compile-time constant"); +#endif + + return 0; +} diff --git a/regression/cbmc-library/__builtin_clz-02/test.desc b/regression/ansi-c/__builtin_clz-02/test.desc similarity index 100% rename from regression/cbmc-library/__builtin_clz-02/test.desc rename to regression/ansi-c/__builtin_clz-02/test.desc diff --git a/regression/cbmc-library/__builtin_clz-02/main.c b/regression/cbmc-library/__builtin_clz-02/main.c deleted file mode 100644 index 16416024d60..00000000000 --- a/regression/cbmc-library/__builtin_clz-02/main.c +++ /dev/null @@ -1,12 +0,0 @@ -#ifdef _MSC_VER -# define __builtin_clz(x) __lzcnt(x) -# define _Static_assert static_assert -#endif - -int main() -{ - _Static_assert( - __builtin_clz(0xffU) == 8 * sizeof(unsigned) - 8, "compile-time constant"); - - return 0; -} diff --git a/regression/cbmc-library/__builtin_clz-01/main.c b/regression/cbmc/__builtin_clz-01/main.c similarity index 90% rename from regression/cbmc-library/__builtin_clz-01/main.c rename to regression/cbmc/__builtin_clz-01/main.c index fbae81294d8..6640bc3f997 100644 --- a/regression/cbmc-library/__builtin_clz-01/main.c +++ b/regression/cbmc/__builtin_clz-01/main.c @@ -56,5 +56,9 @@ int main() __CPROVER_assume(u != 0); assert(nlz2a(u) == __builtin_clz(u)); +#undef __builtin_clz + // a failing assertion should be generated as __builtin_clz is undefined for 0 + __builtin_clz(0U); + return 0; } diff --git a/regression/cbmc/__builtin_clz-01/test.desc b/regression/cbmc/__builtin_clz-01/test.desc new file mode 100644 index 00000000000..7e7552cdc69 --- /dev/null +++ b/regression/cbmc/__builtin_clz-01/test.desc @@ -0,0 +1,10 @@ +CORE +main.c +--bounds-check +^\[main.bit_count.\d+\] line 61 count leading zeros argument in __builtin_clz\(0u\): FAILURE$ +^\*\* 1 of \d+ failed +^VERIFICATION FAILED$ +^EXIT=10$ +^SIGNAL=0$ +-- +^warning: ignoring diff --git a/src/analyses/goto_check.cpp b/src/analyses/goto_check.cpp index 206c130b896..bc1fd5d6673 100644 --- a/src/analyses/goto_check.cpp +++ b/src/analyses/goto_check.cpp @@ -172,7 +172,9 @@ class goto_checkt using conditionst = std::list; - void bounds_check(const index_exprt &, const guardt &); + void bounds_check(const exprt &, const guardt &); + void bounds_check_index(const index_exprt &, const guardt &); + void bounds_check_clz(const count_leading_zeros_exprt &, const guardt &); void div_by_zero_check(const div_exprt &, const guardt &); void mod_by_zero_check(const mod_exprt &, const guardt &); void mod_overflow_check(const mod_exprt &, const guardt &); @@ -1321,9 +1323,7 @@ std::string goto_checkt::array_name(const exprt &expr) return ::array_name(ns, expr); } -void goto_checkt::bounds_check( - const index_exprt &expr, - const guardt &guard) +void goto_checkt::bounds_check(const exprt &expr, const guardt &guard) { if(!enable_bounds_check) return; @@ -1335,6 +1335,16 @@ void goto_checkt::bounds_check( return; } + if(expr.id() == ID_index) + bounds_check_index(to_index_expr(expr), guard); + else if(expr.id() == ID_count_leading_zeros) + bounds_check_clz(to_count_leading_zeros_expr(expr), guard); +} + +void goto_checkt::bounds_check_index( + const index_exprt &expr, + const guardt &guard) +{ typet array_type = expr.array().type(); if(array_type.id()==ID_pointer) @@ -1510,6 +1520,19 @@ void goto_checkt::bounds_check( } } +void goto_checkt::bounds_check_clz( + const count_leading_zeros_exprt &expr, + const guardt &guard) +{ + add_guarded_property( + notequal_exprt{expr.op(), from_integer(0, expr.op().type())}, + "count leading zeros argument", + "bit count", + expr.find_source_location(), + expr, + guard); +} + void goto_checkt::add_guarded_property( const exprt &asserted_expr, const std::string &comment, @@ -1729,7 +1752,7 @@ void goto_checkt::check_rec(const exprt &expr, guardt &guard) if(expr.id()==ID_index) { - bounds_check(to_index_expr(expr), guard); + bounds_check(expr, guard); } else if(expr.id()==ID_div) { @@ -1766,6 +1789,10 @@ void goto_checkt::check_rec(const exprt &expr, guardt &guard) { pointer_primitive_check(expr, guard); } + else if(expr.id() == ID_count_leading_zeros) + { + bounds_check(expr, guard); + } } void goto_checkt::check(const exprt &expr) diff --git a/src/ansi-c/c_typecheck_expr.cpp b/src/ansi-c/c_typecheck_expr.cpp index 7eae7abcbf6..406671379a9 100644 --- a/src/ansi-c/c_typecheck_expr.cpp +++ b/src/ansi-c/c_typecheck_expr.cpp @@ -2689,27 +2689,14 @@ exprt c_typecheck_baset::do_special_functions( throw 0; } - side_effect_expr_function_callt try_constant{expr}; - typecheck_function_call_arguments(try_constant); - exprt argument = try_constant.arguments().front(); - simplify(argument, *this); - const auto int_constant = numeric_cast(argument); - - if( - !int_constant.has_value() || *int_constant == 0 || - argument.type().id() != ID_unsignedbv) - { - return nil_exprt{}; - } + typecheck_function_call_arguments(expr); - const std::string binary_value = integer2binary( - *int_constant, to_unsignedbv_type(argument.type()).get_width()); - std::size_t n_leading_zeros = binary_value.find('1'); - CHECK_RETURN(n_leading_zeros != std::string::npos); + count_leading_zeros_exprt clz{expr.arguments().front(), + has_prefix(id2string(identifier), "__lzcnt"), + expr.type()}; + clz.add_source_location() = source_location; - return from_integer( - n_leading_zeros, - to_code_type(try_constant.function().type()).return_type()); + return std::move(clz); } else if(identifier==CPROVER_PREFIX "equal") { diff --git a/src/ansi-c/expr2c.cpp b/src/ansi-c/expr2c.cpp index 028d759aa05..bf2835f184f 100644 --- a/src/ansi-c/expr2c.cpp +++ b/src/ansi-c/expr2c.cpp @@ -3896,6 +3896,9 @@ std::string expr2ct::convert_with_precedence( else if(src.id()==ID_type) return convert(src.type()); + else if(src.id() == ID_count_leading_zeros) + return convert_function(src, "__builtin_clz"); + // no C language expression for internal representation return convert_norep(src, precedence); } diff --git a/src/ansi-c/library/gcc.c b/src/ansi-c/library/gcc.c index 9b652c92393..c9f736e45c6 100644 --- a/src/ansi-c/library/gcc.c +++ b/src/ansi-c/library/gcc.c @@ -33,64 +33,6 @@ inline void __sync_synchronize(void) #endif } -/* FUNCTION: __builtin_clz */ - -int __builtin_popcount(unsigned int); - -inline int __builtin_clz(unsigned int x) -{ - __CPROVER_precondition(x != 0, "__builtin_clz(0) is undefined"); - - x = x | (x >> 1); - x = x | (x >> 2); - x = x | (x >> 4); - x = x | (x >> 8); - if(sizeof(x) >= 4) - x = x | (x >> 16); - - return __builtin_popcount(~x); -} - -/* FUNCTION: __builtin_clzl */ - -int __builtin_popcountl(unsigned long int); - -inline int __builtin_clzl(unsigned long int x) -{ - __CPROVER_precondition(x != 0, "__builtin_clzl(0) is undefined"); - - x = x | (x >> 1); - x = x | (x >> 2); - x = x | (x >> 4); - x = x | (x >> 8); - if(sizeof(x) >= 4) - x = x | (x >> 16); - if(sizeof(x) >= 8) - x = x | (x >> 32); - - return __builtin_popcountl(~x); -} - -/* FUNCTION: __builtin_clzll */ - -int __builtin_popcountll(unsigned long long int); - -inline int __builtin_clzll(unsigned long long int x) -{ - __CPROVER_precondition(x != 0, "__builtin_clzll(0) is undefined"); - - x = x | (x >> 1); - x = x | (x >> 2); - x = x | (x >> 4); - x = x | (x >> 8); - if(sizeof(x) >= 4) - x = x | (x >> 16); - if(sizeof(x) >= 8) - x = x | (x >> 32); - - return __builtin_popcountll(~x); -} - /* FUNCTION: __builtin_ffs */ int __builtin_clz(unsigned int x); diff --git a/src/ansi-c/library/windows.c b/src/ansi-c/library/windows.c index aa9ed115b62..1c6b5e758bf 100644 --- a/src/ansi-c/library/windows.c +++ b/src/ansi-c/library/windows.c @@ -51,46 +51,3 @@ inline HANDLE CreateThread( return handle; } #endif - -/* FUNCTION: __lzcnt16 */ - -#ifdef _MSC_VER -int __builtin_clz(unsigned int x); - -unsigned short __lzcnt16(unsigned short value) -{ - if(value == 0) - return 16; - - return __builtin_clz(value) - - (sizeof(unsigned int) - sizeof(unsigned short)) * 8; -} -#endif - -/* FUNCTION: __lzcnt */ - -#ifdef _MSC_VER -int __builtin_clz(unsigned int x); - -unsigned int __lzcnt(unsigned int value) -{ - if(value == 0) - return 32; - - return __builtin_clz(value); -} -#endif - -/* FUNCTION: __lzcnt64 */ - -#ifdef _MSC_VER -int __builtin_clzll(unsigned long long x); - -unsigned __int64 __lzcnt64(unsigned __int64 value) -{ - if(value == 0) - return 64; - - return __builtin_clzll(value); -} -#endif diff --git a/src/solvers/flattening/boolbv.cpp b/src/solvers/flattening/boolbv.cpp index 407569e64da..4a8daf776f1 100644 --- a/src/solvers/flattening/boolbv.cpp +++ b/src/solvers/flattening/boolbv.cpp @@ -229,6 +229,11 @@ bvt boolbvt::convert_bitvector(const exprt &expr) return convert_power(to_binary_expr(expr)); else if(expr.id() == ID_popcount) return convert_bv(simplify_expr(to_popcount_expr(expr).lower(), ns)); + else if(expr.id() == ID_count_leading_zeros) + { + return convert_bv( + simplify_expr(to_count_leading_zeros_expr(expr).lower(), ns)); + } return conversion_failed(expr); } diff --git a/src/solvers/smt2/smt2_conv.cpp b/src/solvers/smt2/smt2_conv.cpp index b9a36d9660c..66528f35a61 100644 --- a/src/solvers/smt2/smt2_conv.cpp +++ b/src/solvers/smt2/smt2_conv.cpp @@ -1987,6 +1987,10 @@ void smt2_convt::convert_expr(const exprt &expr) { convert_expr(simplify_expr(to_popcount_expr(expr).lower(), ns)); } + else if(expr.id() == ID_count_leading_zeros) + { + convert_expr(simplify_expr(to_count_leading_zeros_expr(expr).lower(), ns)); + } else INVARIANT_WITH_DIAGNOSTICS( false, diff --git a/src/util/bitvector_expr.cpp b/src/util/bitvector_expr.cpp index 1d9ab256d4d..6fa6742db90 100644 --- a/src/util/bitvector_expr.cpp +++ b/src/util/bitvector_expr.cpp @@ -87,3 +87,41 @@ exprt popcount_exprt::lower() const // the result is restricted to the result type return typecast_exprt::conditional_cast(x, type()); } + +exprt count_leading_zeros_exprt::lower() const +{ + // x = x | (x >> 1); + // x = x | (x >> 2); + // x = x | (x >> 4); + // x = x | (x >> 8); + // etc. + // return popcount(~x); + + // make sure the operand width is a power of two + exprt x = op(); + const auto x_width = to_bitvector_type(x.type()).get_width(); + CHECK_RETURN(x_width >= 1); + const std::size_t bits = address_bits(x_width); + const std::size_t new_width = numeric_cast_v(power(2, bits)); + + const bool need_typecast = + new_width > x_width || x.type().id() != ID_unsignedbv; + + if(need_typecast) + x = typecast_exprt(x, unsignedbv_typet(new_width)); + + // repeatedly compute x = x | (x >> shift) + for(std::size_t shift = 1; shift < new_width; shift <<= 1) + { + // x >> shift + lshr_exprt shifted_x( + x, from_integer(shift, unsignedbv_typet(address_bits(shift) + 1))); + // build the expression + x = bitor_exprt{x, shifted_x}; + } + + // the result is restricted to the result type + return popcount_exprt{ + bitnot_exprt{typecast_exprt::conditional_cast(x, op().type())}, type()} + .lower(); +} diff --git a/src/util/bitvector_expr.h b/src/util/bitvector_expr.h index 61510f3bf3e..727ad213c10 100644 --- a/src/util/bitvector_expr.h +++ b/src/util/bitvector_expr.h @@ -822,4 +822,97 @@ inline unary_overflow_exprt &to_unary_overflow_expr(exprt &expr) return ret; } +/// \brief The count leading zeros (counting the number of zero bits starting +/// from the most-significant bit) expression. When \c zero_permitted is set to +/// false, goto_checkt must generate an assertion that the operand does not +/// evaluates to zero. The result is always defined, even for zero (where the +/// result is the bit width). +class count_leading_zeros_exprt : public unary_exprt +{ +public: + count_leading_zeros_exprt(exprt _op, bool _zero_permitted, typet _type) + : unary_exprt(ID_count_leading_zeros, std::move(_op), std::move(_type)) + { + zero_permitted(_zero_permitted); + } + + explicit count_leading_zeros_exprt(const exprt &_op) + : count_leading_zeros_exprt(_op, true, _op.type()) + { + } + + bool zero_permitted() const + { + return !get_bool(ID_C_bounds_check); + } + + void zero_permitted(bool value) + { + set(ID_C_bounds_check, !value); + } + + static void check( + const exprt &expr, + const validation_modet vm = validation_modet::INVARIANT) + { + DATA_CHECK( + vm, + expr.operands().size() == 1, + "unary expression must have a single operand"); + DATA_CHECK( + vm, + can_cast_type(to_unary_expr(expr).op().type()), + "operand must be of bitvector type"); + } + + static void validate( + const exprt &expr, + const namespacet &, + const validation_modet vm = validation_modet::INVARIANT) + { + check(expr, vm); + } + + /// Lower a count_leading_zeros_exprt to arithmetic and logic expressions. + /// \return Semantically equivalent expression + exprt lower() const; +}; + +template <> +inline bool can_cast_expr(const exprt &base) +{ + return base.id() == ID_count_leading_zeros; +} + +inline void validate_expr(const count_leading_zeros_exprt &value) +{ + validate_operands(value, 1, "count_leading_zeros must have one operand"); +} + +/// \brief Cast an exprt to a \ref count_leading_zeros_exprt +/// +/// \a expr must be known to be \ref count_leading_zeros_exprt. +/// +/// \param expr: Source expression +/// \return Object of type \ref count_leading_zeros_exprt +inline const count_leading_zeros_exprt & +to_count_leading_zeros_expr(const exprt &expr) +{ + PRECONDITION(expr.id() == ID_count_leading_zeros); + const count_leading_zeros_exprt &ret = + static_cast(expr); + validate_expr(ret); + return ret; +} + +/// \copydoc to_count_leading_zeros_expr(const exprt &) +inline count_leading_zeros_exprt &to_count_leading_zeros_expr(exprt &expr) +{ + PRECONDITION(expr.id() == ID_count_leading_zeros); + count_leading_zeros_exprt &ret = + static_cast(expr); + validate_expr(ret); + return ret; +} + #endif // CPROVER_UTIL_BITVECTOR_EXPR_H diff --git a/src/util/format_expr.cpp b/src/util/format_expr.cpp index 9311f6227e6..d43cd8b4f78 100644 --- a/src/util/format_expr.cpp +++ b/src/util/format_expr.cpp @@ -151,6 +151,8 @@ static std::ostream &format_rec(std::ostream &os, const unary_exprt &src) os << u8"\u00ac"; // neg, U+00AC else if(src.id() == ID_unary_minus) os << '-'; + else if(src.id() == ID_count_leading_zeros) + os << "clz"; else return os << src.pretty(); diff --git a/src/util/simplify_expr.cpp b/src/util/simplify_expr.cpp index d3dfa08743d..a23dde76f80 100644 --- a/src/util/simplify_expr.cpp +++ b/src/util/simplify_expr.cpp @@ -148,6 +148,30 @@ simplify_exprt::simplify_popcount(const popcount_exprt &expr) return unchanged(expr); } +simplify_exprt::resultt<> +simplify_exprt::simplify_clz(const count_leading_zeros_exprt &expr) +{ + const auto const_bits_opt = expr2bits( + expr.op(), byte_extract_id() == ID_byte_extract_little_endian, ns); + + if(!const_bits_opt.has_value()) + return unchanged(expr); + + // expr2bits generates a bit string starting with the least-significant bit + std::size_t n_leading_zeros = const_bits_opt->rfind('1'); + if(n_leading_zeros == std::string::npos) + { + if(!expr.zero_permitted()) + return unchanged(expr); + + n_leading_zeros = const_bits_opt->size(); + } + else + n_leading_zeros = const_bits_opt->size() - n_leading_zeros - 1; + + return from_integer(n_leading_zeros, expr.type()); +} + /// Simplify String.endsWith function when arguments are constant /// \param expr: the expression to simplify /// \param ns: namespace @@ -2393,6 +2417,10 @@ simplify_exprt::resultt<> simplify_exprt::simplify_node(exprt node) { r = simplify_popcount(to_popcount_expr(expr)); } + else if(expr.id() == ID_count_leading_zeros) + { + r = simplify_clz(to_count_leading_zeros_expr(expr)); + } else if(expr.id() == ID_function_application) { r = simplify_function_application(to_function_application_expr(expr)); diff --git a/src/util/simplify_expr_class.h b/src/util/simplify_expr_class.h index 7b281b2408a..030318ee443 100644 --- a/src/util/simplify_expr_class.h +++ b/src/util/simplify_expr_class.h @@ -37,6 +37,7 @@ class bswap_exprt; class byte_extract_exprt; class byte_update_exprt; class concatenation_exprt; +class count_leading_zeros_exprt; class dereference_exprt; class div_exprt; class exprt; @@ -202,6 +203,9 @@ class simplify_exprt NODISCARD resultt<> simplify_function_application(const function_application_exprt &); + /// Try to simplify count-leading-zeros to a constant expression. + NODISCARD resultt<> simplify_clz(const count_leading_zeros_exprt &); + // auxiliary bool simplify_if_implies( exprt &expr, const exprt &cond, bool truth, bool &new_truth);