java/ql/test/library-tests/dataflow/range-analysis-inline/range.ql
java/ql/test/library-tests/dataflow/range-analysis-inline/B.java
| public int forloopexitupd() { | ||
| int result = 0; | ||
| for (; result < 10; result++) { // $ bound="result in [0..9]" bound="result in [0..10]" |
Yes, I will get that done.
| public int emptyforloop() { | ||
| int result = 0; | ||
| for (int i = 0; i < 0; i++) { // $ bound="i = 0" bound="i in [0..-1]" |
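Review bot: on the `for` header in `emptyforloop`, the expectation `i in [0..-1]` is an empty interval (lower bound above upper bound), which is easy to misread as a typo. If it is meant for the `i++` that never executes because `i < 0` is false on entry, a short comment saying so would document the intent. Putting `i++` on its own line, as the `i++) {` line in another test in this PR does, would also place each expectation next to the expression it describes.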
One of the key features of the range analysis library is the ability to report bounds in terms of SSA variables or interesting expressions such as But feel free to take or leave this suggestion, depending on how much effort you want to put in, as it's also fine to just merge what's already here in the PR. |
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
I think that is a nice idea. The current set of tests is based on my hunt for opportunities to improve range analysis results by rewriting the CFG. But the current PR should rather just present a useful set of tests for range analysis, so I will give this a go :-) |
This can probably still be improved quite a bit. But now there is at least support for annotating non-integer bounds. |
| i++) { // $ bound="i <= b - 1" | ||
| result = i; // $ bound="i <= b - 1" | ||
| } | ||
| return result; // $ MISSING: bound="result <= b - 1" |
That's not MISSING - such a bound would be wrong if b is negative or zero, and thus the range analysis won't infer it.
Ah, nice. So if I add a guard for b being positive, it might appear. Having both versions would be a good illustration of this.
I could not get the bound to appear, so now there are just a bunch of negative tests..
| boundExpr = b.getExpr() and | ||
| exists(Call c | c.getCallee().getName() = "bound" and c.getArgument(0) = boundExpr) and | ||
| // non-trivial bound | ||
| (DataFlow::localFlow(DataFlow::exprNode(boundExpr), DataFlow::exprNode(e)) implies delta != 0) |
This constraint looks very weird. Perhaps something like this would suffice?
| (DataFlow::localFlow(DataFlow::exprNode(boundExpr), DataFlow::exprNode(e)) implies delta != 0) | |
| not e = b.getExpr() |
I tried that first, but it let through some trivial things. However, it works now...I think I am not used to ensuring the test file compiles all the time... 😅
| exists( | ||
| Expr e, int delta, string deltaStr, boolean upper, string cmp, Bound b, Expr boundExpr | ||
| | | ||
| annotatedBound(e, b, boundExpr, delta, upper) and |
| annotatedBound(e, b, boundExpr, delta, upper) and | |
| annotatedBound(e, _, boundExpr, delta, upper) and |
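Review bot: with `b` replaced by `_` in the `annotatedBound(e, _, boundExpr, delta, upper)` call, the `Bound b` in the `exists(...)` declaration list just above loses the use shown here. If nothing further down in the body refers to `b`, drop `Bound b` from the declarations in the same change so the quantifier does not carry an unused variable.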
| import java | ||
| import semmle.code.java.dataflow.RangeAnalysis | ||
| private import TestUtilities.InlineExpectationsTest as IET | ||
| private import semmle.code.java.dataflow.DataFlow |
We should not add data flow to the mix.
| private import semmle.code.java.dataflow.DataFlow |
| i++) { // $ bound="i <= b - 1" | ||
| result = i; // $ bound="i <= b - 1" | ||
| } | ||
| return result; // $ MISSING: bound="result <= b - 1" |
Btw. this is actually a case that potentially could be improved by some sort of "loop executes at least once" analysis.
This adds inline expectation tests for the Java range analysis.
Feel free to suggest better tests or better syntax.