fix #6615

make rewriting exception safe (for cancelation).
The state during restart in smt_context is not exception safe.

src/ast/rewriter/seq_axioms.cpp

@@ -1237,7 +1237,7 @@ namespace seq {
             seq.str.is_string(x)) {
             expr_ref len(n, m);
             m_rewrite(len);
-            SASSERT(n != len);
+            SASSERT(m.limit().is_canceled() || n != len);
             add_clause(mk_eq(len, n));
         }
         else {

src/ast/rewriter/th_rewriter.cpp

@@ -967,17 +967,41 @@ void th_rewriter::reset() {
 }
 
 void th_rewriter::operator()(expr_ref & term) {
-    expr_ref result(term.get_manager());
+    expr_ref result(term.get_manager());    
-    m_imp->operator()(term, result);
+    try {
-    term = std::move(result);
+        m_imp->operator()(term, result);
+        term = std::move(result);
+    }
+    catch (...) {
+        if (!term.get_manager().inc())
+            return;
+        throw;
+    }
 }
 
 void th_rewriter::operator()(expr * t, expr_ref & result) {
-    m_imp->operator()(t, result);
+    try {
+        m_imp->operator()(t, result);
+    }
+    catch (...) {
+        result = t;
+        if (!result.get_manager().inc())
+            return;
+        throw;
+    }
 }
 
 void th_rewriter::operator()(expr * t, expr_ref & result, proof_ref & result_pr) {
-    m_imp->operator()(t, result, result_pr);
+    try {
+        m_imp->operator()(t, result, result_pr);
+    }
+    catch (...) {
+        result = t;
+        result_pr = nullptr;
+        if (!result.get_manager().inc())
+            return;
+        throw;
+    }
 }
 
 expr_ref th_rewriter::operator()(expr * n, unsigned num_bindings, expr * const * bindings) {