Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

java: inline range test #17997

Merged
merged 5 commits into from
Nov 26, 2024
Merged

java: inline range test #17997

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
15953bf
java: inline range test
yoff Nov 14, 2024
6ed8950
Apply suggestions from code review
yoff Nov 19, 2024
37935ee
java: separate bounds onto different lines
yoff Nov 25, 2024
25664d0
Java: Add support for non-integer bounds in inline expectations
yoff Nov 25, 2024
f508f8e
Java: address review comments
yoff Nov 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
64 changes: 51 additions & 13 deletions java/ql/test/library-tests/dataflow/range-analysis-inline/B.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ public class B {
// that should also be annotated.
static void bound(int b) { }

public int forloop() {
public int forLoop() {
int result = 0;
for (int i = 0;
i < 10; // $ bound="i in [0..10]"
Expand All @@ -14,31 +14,31 @@ public int forloop() {
return result; // $ bound="result in [0..9]"
}

public int forloopexit() {
public int forLoopExit() {
int result = 0;
for (; result < 10;) { // $ bound="result in [0..10]"
result += 1; // $ bound="result in [0..9]"
}
return result; // $ bound="result = 10"
}

public int forloopexitstep() {
public int forLoopExitStep() {
int result = 0;
for (; result < 10;) { // $ bound="result in [0..12]"
result += 3; // $ bound="result in [0..9]"
}
return result; // $ bound="result = 12"
}

public int forloopexitupd() {
public int forLoopExitUpd() {
int result = 0;
for (; result < 10; // $ bound="result in [0..10]"
result++) { // $ bound="result in [0..9]"
}
return result; // $ bound="result = 10"
}

public int forloopexitnested() {
public int forLoopExitNested() {
int result = 0;
for (; result < 10;) {
int i = 0;
Expand All @@ -50,7 +50,7 @@ public int forloopexitnested() {
return result; // $ MISSING:bound="result = 12"
}

public int emptyforloop() {
public int emptyForLoop() {
int result = 0;
for (int i = 0; i < 0; // $ bound="i = 0"
i++) { // $ bound="i in [0..-1]"
Expand All @@ -59,45 +59,45 @@ public int emptyforloop() {
return result; // $ bound="result = 0"
}

public int noloop() {
public int noLoop() {
int result = 0;
result += 1; // $ bound="result = 0"
return result; // $ bound="result = 1"
}

public int foreachloop() {
public int foreachLoop() {
int result = 0;
for (int i : new int[] {1, 2, 3, 4, 5}) {
result = i;
}
return result;
}

public int emptyforeachloop() {
public int emptyForeachLoop() {
int result = 0;
for (int i : new int[] {}) {
result = i;
}
return result;
}

public int whileloop() {
public int whileLoop() {
int result = 100;
while (result > 5) { // $ bound="result in [4..100]"
result = result - 2; // $ bound="result in [6..100]"
}
return result; // $ bound="result = 4"
}

public int oddwhileloop() {
public int oddWhileLoop() {
int result = 101;
while (result > 5) { // $ bound="result in [5..101]"
result = result - 2; // $ bound="result in [7..101]"
}
return result; // $ bound="result = 5"
}

static void arraylength(int[] arr) {
static void arrayLength(int[] arr) {
bound(arr.length);
for (int i = 0;
i < arr.length;
Expand All @@ -106,15 +106,53 @@ static void arraylength(int[] arr) {
}
}

static int varbound(int b) {
static int varBound(int b) {
bound(b);
int result = 0;
for (int i = 0;
i < b;
i++) { // $ bound="i <= b - 1"
result = i; // $ bound="i <= b - 1"
}
return result; // We cannot conclude anything here, since we do not know that b > 0
}

static int varBoundPositiveGuard(int b) {
bound(b);
if (b > 0) {
int result = 0;
for (int i = 0;
i < b;
i++) { // $ bound="i <= b - 1"
result = i; // $ bound="i <= b - 1"
}
return result; // $ MISSING: bound="result <= b - 1"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Btw. this is actually a case that potentially could be improved by some sort of "loop executes at least once" analysis.

} else {
return 0;
}
}

static int varBoundPositiveGuardEarlyReturn(int b) {
bound(b);
if (b <= 0) return 0;
int result = 0;
for (int i = 0;
i < b;
i++) { // $ bound="i <= b - 1"
result = i; // $ bound="i <= b - 1"
}
return result; // $ MISSING: bound="result <= b - 1"
Copy link
Contributor

@aschackmull aschackmull Nov 25, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's not MISSING - such a bound would be wrong if b is negative or zero, and thus the range analysis won't infer it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, nice. So if I add a guard for b being positive, it might appear. Having both versions would be a good illustration of this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I could not get the bound to appear, so now there are just a bunch of negative tests..

}

static int varBoundPositiveAssert(int b) {
bound(b);
assert b > 0;
int result = 0;
for (int i = 0;
i < b;
i++) { // $ bound="i <= b - 1"
result = i; // $ bound="i <= b - 1"
}
return result; // $ MISSING: bound="result <= b - 1"
}
}
9 changes: 3 additions & 6 deletions java/ql/test/library-tests/dataflow/range-analysis-inline/range.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@
import java
import semmle.code.java.dataflow.RangeAnalysis
private import TestUtilities.InlineExpectationsTest as IET
private import semmle.code.java.dataflow.DataFlow

module RangeTest implements IET::TestSig {
string getARelevantTag() { result = "bound" }
Expand All @@ -29,10 +28,8 @@ module RangeTest implements IET::TestSig {
)
or
// advanced bounds
exists(
Expr e, int delta, string deltaStr, boolean upper, string cmp, Bound b, Expr boundExpr
|
annotatedBound(e, b, boundExpr, delta, upper) and
exists(Expr e, int delta, string deltaStr, boolean upper, string cmp, Expr boundExpr |
annotatedBound(e, _, boundExpr, delta, upper) and
e instanceof VarRead and
e.getCompilationUnit().fromSource() and
(
Expand Down Expand Up @@ -67,7 +64,7 @@ module RangeTest implements IET::TestSig {
boundExpr = b.getExpr() and
exists(Call c | c.getCallee().getName() = "bound" and c.getArgument(0) = boundExpr) and
// non-trivial bound
(DataFlow::localFlow(DataFlow::exprNode(boundExpr), DataFlow::exprNode(e)) implies delta != 0)
not e = b.getExpr()
}
}

Expand Down