Support overflow plus/minus expressions over pointers

[tautschnig]

We did not specify that using overflow+/overflow- for pointer +/-
integer was unsupported. The translation via regular arithmetic
overflow, however, would produce results that did not take into account
the peculiarities of pointer arithmetic.

Fixing this now also makes it possible to take into account the
implementation details of the object/offset encoding, which would result
in overflows even when full-width addition/subtraction would not have
overflowed.

Fixes: #6842

• Each commit message has a non-empty body, explaining why the change was made.
• n/a Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• n/a The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• n/a My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[codecov]

Codecov Report

Merging #6881 (d70c7c7) into develop (b2780f1) will increase coverage by 0.00%.
The diff coverage is 95.12%.

@@           Coverage Diff            @@
##           develop    #6881   +/-   ##
========================================
  Coverage    77.79%   77.80%           
========================================
  Files         1567     1567           
  Lines       179841   179898   +57     
========================================
+ Hits        139913   139969   +56     
- Misses       39928    39929    +1     

Impacted Files	Coverage Δ
src/ansi-c/goto_check_c.cpp	91.14% <57.14%> (-0.34%)	⬇️
src/solvers/flattening/bv_pointers.cpp	86.27% <97.87%> (+1.10%)	⬆️
src/solvers/smt2/smt2_conv.cpp	67.58% <100.00%> (+0.32%)	⬆️
src/util/simplify_expr.cpp	85.81% <0.00%> (+0.07%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update dd10704...d70c7c7. Read the comment docs.

[kroening]

I do see an issue here considering the semantics of the user-visible check. The C standard is very clear that even just computing a pointer that's "below" the object or more than one past the end is undefined behaviour. As a user, I'd expect that to be checked when told that the tool checks pointer overflow.

I suspect that the rationale for this PR is that the limited-width pointer encoding means that we don't -- however, the proposed check is incomparable to the one the user wants.

[kroening]

I'd say that the proper answer to this problem is to get "full width" pointers, and then to check the pointer range against the object size on any pointer arithmetic expression whenever --pointer-check is given.