Unwarranted "equality without matching types" error

[cliffordwolf]

The following example code causes CBMC to fail with an equality without matching types error:

#include <assert.h>
#include <stdint.h>
#include <stdbool.h>

#undef HOTFIX

typedef struct {
  uint32_t value_31_0 : 32;
} signal32_t;

typedef struct {
  uint8_t value_0_0 : 1;
} signal1_t;

static inline bool yosys_simplec_get_bit_25_of_32(const signal32_t *sig)
{
  return (sig->value_31_0 >> 25) & 1;
}

struct rvfi_insn_srai_state_t
{
  signal32_t rvfi_insn;
  signal32_t rvfi_rs1_rdata;
  signal1_t _abc_1398_n364;
  signal1_t _abc_1398_n363;
};

void test(rvfi_insn_srai_state_t state, bool valid)
{
#ifndef HOTFIX
  state._abc_1398_n364.value_0_0 = yosys_simplec_get_bit_25_of_32(&state.rvfi_insn) ?
      yosys_simplec_get_bit_25_of_32(&state.rvfi_rs1_rdata) : state._abc_1398_n363.value_0_0;
#else
  state._abc_1398_n364.value_0_0 = yosys_simplec_get_bit_25_of_32(&state.rvfi_insn) ?
      yosys_simplec_get_bit_25_of_32(&state.rvfi_rs1_rdata) : (bool)state._abc_1398_n363.value_0_0;
#endif

  assert(valid);
}

I'm running this with cbmc --function test test.cc using todays git head.

Defining HOTFIX (and thus explicitly casting state._abc_1398_n363.value_0_0 from uint8_t : 1 to bool in the third argument to the ternary operator) works around the issue. GCC 5.4 and Clang 3.8 both accept the above code without warnings.

[tautschnig]

My apologies for the late response. Is it intentional that you are using C++ in this example, i.e., are you trying to exercise the C++ front-end? Your example does work fine in C mode (but I can confirm the issue when using C++ mode).

[cliffordwolf]

Yes, using C++ is intentional. I reduced this from a larger test case that is in fact using C++ features. (methods and some relatively simple templates afair)

[tautschnig]

Ok, thanks for confirming. (The use of stdbool was surprising.) While the C++ front-end is known to have a lot of issues, I believe @peterschrammel does have patches flying around. I'd prefer to avoid redundant work, so maybe he can chime in.

[cliffordwolf]

The use of stdbool was surprising.

I can explain where that came from: In the original test case I was checking C code from one source against C++ code from another source. The resulting input to cbmc was a C++ file, but the stdbool include survived from the C portion.

In case you are interested: I'm formally verifying the Verilog instruction models in riscv-formal against the (C++) code in riscv-isa-sim, by converting the Verilog code to C using the Yosys C back-end.

[TGWDB]

No longer reproducible.

[tautschnig]

Re-opening as this is still relevant (note that it's an issue when using the C++ front-end only!). Here's a slightly extended version to work around issues with --function and the C++ front-end:

#include <assert.h>
#include <stdint.h>
#include <stdbool.h>

#undef HOTFIX

typedef struct {
  uint32_t value_31_0 : 32;
} signal32_t;

typedef struct {
  uint8_t value_0_0 : 1;
} signal1_t;

static inline bool yosys_simplec_get_bit_25_of_32(const signal32_t *sig)
{
  return (sig->value_31_0 >> 25) & 1;
}

struct rvfi_insn_srai_state_t
{
  signal32_t rvfi_insn;
  signal32_t rvfi_rs1_rdata;
  signal1_t _abc_1398_n364;
  signal1_t _abc_1398_n363;
};

void test(rvfi_insn_srai_state_t state, bool valid)
{
#ifndef HOTFIX
  state._abc_1398_n364.value_0_0 = yosys_simplec_get_bit_25_of_32(&state.rvfi_insn) ?
      yosys_simplec_get_bit_25_of_32(&state.rvfi_rs1_rdata) : state._abc_1398_n363.value_0_0;
#else
  state._abc_1398_n364.value_0_0 = yosys_simplec_get_bit_25_of_32(&state.rvfi_insn) ?
      yosys_simplec_get_bit_25_of_32(&state.rvfi_rs1_rdata) : (bool)state._abc_1398_n363.value_0_0;
#endif

  assert(valid);
}

int main(int argc, char* argv[])
{
  rvfi_insn_srai_state_t state;
  bool valid;
  test(state, valid);
}