Skip to content

C++: Range analysis guard improvement #20584

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

C++: Range analysis guard improvement #20584

wants to merge 4 commits into from
+925 −806

Conversation

paldepind
Copy link
Contributor

@paldepind paldepind commented Oct 4, 2025
edited
Loading

This PR changes how bounds are adjusted for integral types.

If we have a strict lower bound > 1 on an integer then the lower bound is 2. As of now, this is achieved by adding 1 to the lower bound. However, this adjustment is not always ideal.

For this guard, where e is an integer:

(2 * e + 1) > 0

We deduce a lower bound of > -0.5 and after adding 1 we get 0.5. For such a fractional lower bound adding 1 doesn't really make sense. This PR tweaks this slightly, such that the lower bound ends up being 0. A similar adjustment is made for upper bounds.

I ran into this when debugging a performance issue where this showed up. This adjustment didn't fix the performance issue, but I think it's still worthwhile.

Per-commit review is suggested — I also snuck in a few orthogonal changes.

I think the DCA report looks ok. But I'm not used to reading C/C++ reports, so someone else can judge better than me.

@github-actions github-actions bot added the C++ label Oct 4, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 4, 2025
View reviewed changes
@paldepind paldepind force-pushed the cpp/range-analysis-fix branch from a4d2455 to ba29a0a Compare October 4, 2025 14:59
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 4, 2025
View reviewed changes
@paldepind paldepind force-pushed the cpp/range-analysis-fix branch 2 times, most recently from 297f62d to 61f30c9 Compare October 5, 2025 09:41
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 5, 2025
View reviewed changes
cpp/ql/lib/semmle/code/cpp/rangeanalysis/SimpleRangeAnalysis.qll
}

/** Provides predicates for debugging the simple range analysis library. */
private module Debug {

Check warning

Code scanning / CodeQL

Dead code Warning

This code is never used, and it's not publicly exported.
@paldepind paldepind force-pushed the cpp/range-analysis-fix branch from 61f30c9 to c4f9212 Compare October 5, 2025 09:58
HeeMa6

This comment was marked as spam.

Sign in to view

@paldepind paldepind changed the title C++: Range analysis fix C++: Range analysis guard improvement Oct 6, 2025
@paldepind paldepind marked this pull request as ready for review October 6, 2025 07:52
@paldepind paldepind requested a review from a team as a code owner October 6, 2025 07:52
@paldepind paldepind requested review from MathiasVP and Copilot October 6, 2025 07:52
Copilot
Copilot AI reviewed Oct 6, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR improves how bounds are adjusted for integral types in C++ range analysis. Instead of simply adding/subtracting 1 to adjust bounds from fractional values like -0.5 to 0.5, it now properly handles the conversion to integer bounds by using floor operations to compute more accurate integer bounds.

Key changes:

  • Introduces new helper functions adjustLowerBoundIntegral and adjustUpperBoundIntegral for proper bound adjustment
  • Replaces simple arithmetic adjustment with floor-based calculations that handle fractional bounds correctly

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
SimpleRangeAnalysis.qll Adds new adjustment functions and updates bound calculation logic for integral types
RangeAnalysisUtils.qll Adds toString method to RelationStrictness class and improves documentation
test.c Adds new test cases for inequality-derived integer bounds
upperBound.expected Updated test expectations reflecting improved bound calculations
ternaryUpper.expected Updated test expectations for ternary expressions
ternaryLower.expected Updated test expectations for ternary expressions
lowerBound.expected Updated test expectations reflecting improved bound calculations

cpp/ql/lib/semmle/code/cpp/rangeanalysis/SimpleRangeAnalysis.qll
Comment on lines +1888 to +1917
/** Provides predicates for debugging the simple range analysis library. */
private module Debug {
Locatable getRelevantLocatable() {
exists(string filepath, int startline |
result.getLocation().hasLocationInfo(filepath, startline, _, _, _) and
filepath.matches("%/test.c") and
startline = [464 .. 472]
)
}

float debugGetFullyConvertedLowerBounds(Expr expr) {
expr = getRelevantLocatable() and
result = getFullyConvertedLowerBounds(expr)
}

float debugGetLowerBoundsImpl(Expr e, string kl) {
e = getRelevantLocatable() and
result = getLowerBoundsImpl(e) and
kl = e.getPrimaryQlClasses()
}

/**
* Counts the number of lower bounds for a given expression. This predicate is
* useful for identifying performance issues in the range analysis.
*/
predicate nrOfLowerBounds(Expr e, int n) {
e = getRelevantLocatable() and
n = strictcount(float lb | lb = getLowerBoundsImpl(e) | lb)
}
}
Copy link

Copilot AI Oct 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This debug module should be removed before merging to production. It contains hardcoded file paths and line numbers specific to testing, which makes it inappropriate for production code.

Suggested change
/** Provides predicates for debugging the simple range analysis library. */
private module Debug {
Locatable getRelevantLocatable() {
exists(string filepath, int startline |
result.getLocation().hasLocationInfo(filepath, startline, _, _, _) and
filepath.matches("%/test.c") and
startline = [464 .. 472]
)
}
float debugGetFullyConvertedLowerBounds(Expr expr) {
expr = getRelevantLocatable() and
result = getFullyConvertedLowerBounds(expr)
}
float debugGetLowerBoundsImpl(Expr e, string kl) {
e = getRelevantLocatable() and
result = getLowerBoundsImpl(e) and
kl = e.getPrimaryQlClasses()
}
/**
* Counts the number of lower bounds for a given expression. This predicate is
* useful for identifying performance issues in the range analysis.
*/
predicate nrOfLowerBounds(Expr e, int n) {
e = getRelevantLocatable() and
n = strictcount(float lb | lb = getLowerBoundsImpl(e) | lb)
}
}

Copilot uses AI. Check for mistakes.

@paldepind paldepind added the no-change-note-required This PR does not need a change note label Oct 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@MathiasVP MathiasVP Awaiting requested review from MathiasVP

+1 more reviewer

@HeeMa6 HeeMa6 HeeMa6 left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

C++ no-change-note-required This PR does not need a change note

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@paldepind @HeeMa6