github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Java: Fix range analysis bug where int was assumed.

This commit is contained in:
Anders Schack-Mulligen 2019-11-15 15:08:14 +01:00
Родитель f813e06680
Коммит 81a90943c0
2 изменённых файлов: 22 добавлений и 4 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

18
java/ql/src/semmle/code/java/dataflow/RangeAnalysis.qll
Просмотреть файл

@ -375,6 +375,16 @@ private class NarrowingCastExpr extends CastExpr {
int getUpperBound() { typeBound(getType(), _, result) } int getUpperBound() { typeBound(getType(), _, result) }
} }
/** Holds if `e >= 1` as determined by sign analysis. */
private predicate strictlyPositiveIntegralExpr(Expr e) {
strictlyPositive(e) and e.getType() instanceof IntegralType
}
/** Holds if `e <= -1` as determined by sign analysis. */
private predicate strictlyNegativeIntegralExpr(Expr e) {
strictlyNegative(e) and e.getType() instanceof IntegralType
}
/** /**
* Holds if `e1 + delta` is a valid bound for `e2`. * Holds if `e1 + delta` is a valid bound for `e2`.
* - `upper = true` : `e2 <= e1 + delta` * - `upper = true` : `e2 <= e1 + delta`
@ -400,13 +410,13 @@ private predicate boundFlowStep(Expr e2, Expr e1, int delta, boolean upper) {
// `x instanceof ConstantIntegerExpr` is covered by valueFlowStep // `x instanceof ConstantIntegerExpr` is covered by valueFlowStep
not x instanceof ConstantIntegerExpr and not x instanceof ConstantIntegerExpr and
not e1 instanceof ConstantIntegerExpr and not e1 instanceof ConstantIntegerExpr and
if strictlyPositive(x) if strictlyPositiveIntegralExpr(x)
then upper = false and delta = 1 then upper = false and delta = 1
else else
if positive(x) if positive(x)
then upper = false and delta = 0 then upper = false and delta = 0
else else
if strictlyNegative(x) if strictlyNegativeIntegralExpr(x)
then upper = true and delta = -1 then upper = true and delta = -1
else else
if negative(x) if negative(x)
@ -429,13 +439,13 @@ private predicate boundFlowStep(Expr e2, Expr e1, int delta, boolean upper) {
| |
// `x instanceof ConstantIntegerExpr` is covered by valueFlowStep // `x instanceof ConstantIntegerExpr` is covered by valueFlowStep
not x instanceof ConstantIntegerExpr and not x instanceof ConstantIntegerExpr and
if strictlyPositive(x) if strictlyPositiveIntegralExpr(x)
then upper = true and delta = -1 then upper = true and delta = -1
else else
if positive(x) if positive(x)
then upper = true and delta = 0 then upper = true and delta = 0
else else
if strictlyNegative(x) if strictlyNegativeIntegralExpr(x)
then upper = false and delta = 1 then upper = false and delta = 1
else else
if negative(x) if negative(x)

8
java/ql/test/query-tests/UselessComparisonTest/C.java
Просмотреть файл

@ -3,4 +3,12 @@ public class C {
return (x < 0 || x > 1 || Double.isNaN(x)) ? Double.NaN : return (x < 0 || x > 1 || Double.isNaN(x)) ? Double.NaN :
x == 0 ? 0 : x == 1 ? 1 : 0.5; x == 0 ? 0 : x == 1 ? 1 : 0.5;
} }
void m2(double x) {
if (x > 0) {
double y = 1 - x;
if (y > 0) { // OK
}
}
}
} }