Remove __CPROVER_malloc_object

Its use was deprecated since 2021-05-06. The only remaining need for
tracking this object is to distinguish new vs new[] (and delete vs
delete[]). This specific case is now handled via __CPROVER_new_object.

Author: tautschnig

doc/architectural/memory-bounds-checking.md

@@ -30,19 +30,10 @@ inline void *malloc(__CPROVER_size_t malloc_size)
 {
   void *malloc_res;
   malloc_res = __CPROVER_allocate(malloc_size, 0);
-
-  __CPROVER_bool record_malloc = __VERIFIER_nondet___CPROVER_bool();
-  __CPROVER_malloc_object = record_malloc ? malloc_res : __CPROVER_malloc_object;
-
   return malloc_res;
 }
 ```
 
-The internal variable `__CPROVER_malloc_object`
-is initialized to 0 in the `__CPROVER_initialize()` function of a goto program.
-The nondeterministic switch controls whether the address of the memory
-block allocated in this particular invocation of `malloc()` is recorded.
-
 When the option `--pointer-check` is used, cbmc generates the following
 verification condition for each pointer dereference expression (e.g.,
 `*pointer`):
@@ -73,8 +64,7 @@ int main()
 ```
 
 Here the verification condition generated for the pointer dereference should
-fail. In the approach outlined above it indeed can, as one can choose true for
-`__VERIFIER_nondet___CPROVER_bool()` in the first call
-to `malloc()`, and false for `__VERIFIER_nondet___CPROVER_bool()` in the second
-call to `malloc()`. Thus, the object address of the first call to
-`malloc()` is recorded in `__CPROVER_malloc_object`.
+fail: for `p1` in `*p1`, `__CPROVER_POINTER_OFFSET` will evaluate to 1 (owing to
+the increment `p1++`, and `__CPROVER_OBJECT_SIZE` will also evaluate to 1.
+Consequently, the less-than comparison in the verification condition evaluates
+to false.

jbmc/src/java_bytecode/java_bytecode_internal_additions.cpp

@@ -36,20 +36,6 @@ void java_internal_additions(symbol_table_baset &dest)
     dest.add(symbol);
   }
 
-  // add __CPROVER_malloc_object
-
-  {
-    symbolt symbol;
-    symbol.base_name = CPROVER_PREFIX "malloc_object";
-    symbol.name=CPROVER_PREFIX "malloc_object";
-    symbol.type = pointer_type(java_void_type());
-    symbol.mode=ID_C;
-    symbol.is_lvalue=true;
-    symbol.is_state_var=true;
-    symbol.is_thread_local=true;
-    dest.add(symbol);
-  }
-
   {
     auxiliary_symbolt symbol;
     symbol.base_name = INFLIGHT_EXCEPTION_VARIABLE_BASENAME;

regression/goto-analyzer/sensitivity-last-written-locations-arrays/test.desc

@@ -9,8 +9,8 @@ main#return_value \(\) -> TOP @ \[1\]
 __CPROVER_dead_object \(\) -> TOP @ \[5\]
 __CPROVER_deallocated \(\) -> TOP @ \[6\]
 __CPROVER_malloc_is_new_array \(\) -> FALSE @ \[9\]
-__CPROVER_malloc_object \(\) -> TOP @ \[10\]
-__CPROVER_memory_leak \(\) -> TOP @ \[12\]
+__CPROVER_memory_leak \(\) -> TOP @ \[11\]
+__CPROVER_new_object \(\) -> TOP @ \[12\]
 __CPROVER_next_thread_key \(\) -> 0ul @ \[14\]
 __CPROVER_pipe_count \(\) -> 0u @ \[15\]
 __CPROVER_rounding_mode \(\) -> 0 @ \[16\]

regression/goto-analyzer/sensitivity-last-written-locations-pointers/test.desc

@@ -9,8 +9,8 @@ main#return_value \(\) -> TOP @ \[1\]
 __CPROVER_dead_object \(\) -> TOP @ \[5\]
 __CPROVER_deallocated \(\) -> TOP @ \[6\]
 __CPROVER_malloc_is_new_array \(\) -> FALSE @ \[9\]
-__CPROVER_malloc_object \(\) -> TOP @ \[10\]
-__CPROVER_memory_leak \(\) -> TOP @ \[12\]
+__CPROVER_memory_leak \(\) -> TOP @ \[11\]
+__CPROVER_new_object \(\) -> TOP @ \[12\]
 __CPROVER_next_thread_key \(\) -> 0ul @ \[14\]
 __CPROVER_pipe_count \(\) -> 0u @ \[15\]
 __CPROVER_rounding_mode \(\) -> 0 @ \[16\]

regression/goto-analyzer/sensitivity-last-written-locations-structs/test.desc

@@ -9,8 +9,8 @@ main#return_value \(\) -> TOP @ \[1\]
 __CPROVER_dead_object \(\) -> TOP @ \[5\]
 __CPROVER_deallocated \(\) -> TOP @ \[6\]
 __CPROVER_malloc_is_new_array \(\) -> FALSE @ \[9\]
-__CPROVER_malloc_object \(\) -> TOP @ \[10\]
-__CPROVER_memory_leak \(\) -> TOP @ \[12\]
+__CPROVER_memory_leak \(\) -> TOP @ \[11\]
+__CPROVER_new_object \(\) -> TOP @ \[12\]
 __CPROVER_next_thread_key \(\) -> 0ul @ \[14\]
 __CPROVER_pipe_count \(\) -> 0u @ \[15\]
 __CPROVER_rounding_mode \(\) -> 0 @ \[16\]

regression/goto-analyzer/sensitivity-last-written-locations-variables/test.desc

@@ -8,8 +8,8 @@ __CPROVER_alloca_object \(\) -> TOP @ \[4\]
 __CPROVER_dead_object \(\) -> TOP @ \[5\]
 __CPROVER_deallocated \(\) -> TOP @ \[6\]
 __CPROVER_malloc_is_new_array \(\) -> FALSE @ \[9\]
-__CPROVER_malloc_object \(\) -> TOP @ \[10\]
-__CPROVER_memory_leak \(\) -> TOP @ \[12\]
+__CPROVER_memory_leak \(\) -> TOP @ \[11\]
+__CPROVER_new_object \(\) -> TOP @ \[12\]
 __CPROVER_next_thread_key \(\) -> 0ul @ \[14\]
 __CPROVER_pipe_count \(\) -> 0u @ \[15\]
 __CPROVER_rounding_mode \(\) -> 0 @ \[16\]

src/analyses/escape_analysis.cpp

@@ -19,7 +19,6 @@ bool escape_domaint::is_tracked(const symbol_exprt &symbol)
   const irep_idt &identifier=symbol.get_identifier();
   if(
     identifier == CPROVER_PREFIX "memory_leak" ||
-    identifier == CPROVER_PREFIX "malloc_object" ||
     identifier == CPROVER_PREFIX "dead_object" ||
     identifier == CPROVER_PREFIX "deallocated")
   {

src/ansi-c/ansi_c_internal_additions.cpp

@@ -178,7 +178,7 @@ void ansi_c_internal_additions(std::string &code)
     // malloc
     "const void *" CPROVER_PREFIX "deallocated=0;\n"
     "const void *" CPROVER_PREFIX "dead_object=0;\n"
-    "const void *" CPROVER_PREFIX "malloc_object=0;\n"
+    "const void *" CPROVER_PREFIX "new_object=0;\n" // for C++
     CPROVER_PREFIX "bool " CPROVER_PREFIX "malloc_is_new_array=0;\n" // for C++
     "const void *" CPROVER_PREFIX "memory_leak=0;\n"
     "void *" CPROVER_PREFIX "allocate("

src/ansi-c/library/cprover.h

@@ -12,7 +12,7 @@ Author: Daniel Kroening, [email protected]
 typedef __typeof__(sizeof(int)) __CPROVER_size_t;
 void *__CPROVER_allocate(__CPROVER_size_t size, __CPROVER_bool zero);
 extern const void *__CPROVER_deallocated;
-extern const void *__CPROVER_malloc_object;
+extern const void *__CPROVER_new_object;
 extern _Bool __CPROVER_malloc_is_new_array;
 extern const void *__CPROVER_memory_leak;
 

src/ansi-c/library/stdlib.c

@@ -111,8 +111,6 @@ __CPROVER_HIDE:;
 
   // record the object size for non-determistic bounds checking
   __CPROVER_bool record_malloc = __VERIFIER_nondet___CPROVER_bool();
-  __CPROVER_malloc_object =
-    record_malloc ? malloc_res : __CPROVER_malloc_object;
   __CPROVER_malloc_is_new_array =
     record_malloc ? 0 : __CPROVER_malloc_is_new_array;
 
@@ -175,8 +173,6 @@ __CPROVER_HIDE:;
 
   // record the object size for non-determistic bounds checking
   __CPROVER_bool record_malloc = __VERIFIER_nondet___CPROVER_bool();
-  __CPROVER_malloc_object =
-    record_malloc ? malloc_res : __CPROVER_malloc_object;
   __CPROVER_malloc_is_new_array =
     record_malloc ? 0 : __CPROVER_malloc_is_new_array;
 
@@ -207,7 +203,6 @@ inline void *__builtin_alloca(__CPROVER_size_t alloca_size)
 
   // record the object size for non-determistic bounds checking
   __CPROVER_bool record_malloc=__VERIFIER_nondet___CPROVER_bool();
-  __CPROVER_malloc_object=record_malloc?res:__CPROVER_malloc_object;
   __CPROVER_malloc_is_new_array=record_malloc?0:__CPROVER_malloc_is_new_array;
 
   // record alloca to detect invalid free
@@ -258,10 +253,9 @@ inline void free(void *ptr)
 
   // catch people who try to use free(...) for stuff
   // allocated with new[]
-  __CPROVER_precondition(ptr==0 ||
-                         __CPROVER_malloc_object!=ptr ||
-                         !__CPROVER_malloc_is_new_array,
-                         "free called for new[] object");
+  __CPROVER_precondition(
+    ptr == 0 || __CPROVER_new_object != ptr || !__CPROVER_malloc_is_new_array,
+    "free called for new[] object");
 
   // catch people who try to use free(...) with alloca
   __CPROVER_precondition(