Fix overflow in conversion from uvalue to svalue

[Alan-Jowett]

Resolves: #732
Resolves: #766
Resolves: #767
Resolves: #768

Invoke the overflow_* APIs to handle cases where the value would have overflowed.

Summary by CodeRabbit

Summary by CodeRabbit

• New Features

  • Enhanced handling of arithmetic operations, including left and right shifts.
  • Introduced a method for sign extension of integers.
  • Improved error handling for arithmetic operations.

• Tests

  • Added multiple test cases to validate that both signed and unsigned right shifts, as well as left shifts, by zero are idempotent, ensuring the original value remains unchanged across various scenarios.

[coderabbitai]

Warning

Rate limit exceeded

@Alan-Jowett has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 18 minutes and 23 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between f4c915a and d885eba.

Walkthrough

The changes in this pull request primarily enhance the ebpf_domain_t class in src/crab/ebpf_domain.cpp, focusing on arithmetic operations and overflow handling. Key updates include improved handling of left and right shift operations, refined overflow checks, and enhanced control flow to ensure valid operations. Additionally, multiple new test cases are added in test-data/shift.yaml to validate the behavior of both signed and unsigned right shift operations, particularly focusing on the idempotent nature of shifting by zero.

Changes

File	Change Summary
src/crab/ebpf_domain.cpp	- Enhanced arithmetic operations (shl, lshr) to ensure correct assignment and overflow checks.
	- Refined overflow handling for both signed and unsigned operations.
	- Adjusted control flow to validate conditions before performing operations.
	- Updated method signatures for arithmetic operations.
test-data/shift.yaml	- Added multiple test cases to check idempotency of shifts by zero for both signed and unsigned operations.

Assessment against linked issues

Objective	Addressed	Explanation
Check that unsigned right shift by 0 is idempotent (766)	✅

Possibly related issues

• check that signed right shift by 0 is idempotent fails #767: The improvements may relate to the signed right shift operation's idempotency checks.
• check that unsigned left shift by 0 is idempotent fails #768: Although this issue pertains to left shift, the changes may help in resolving similar idempotency concerns.

Possibly related PRs

• Cleanup interval bound handling #692: Modifications to src/crab/ebpf_domain.cpp that improve interval and constraint handling, aligning with this PR's arithmetic enhancements.
• When doing module and division, first cast to unsigned 32 bit then promote to 64 bit #731: Enhancements to unsigned division and modulo operations that relate to the arithmetic improvements in this PR.
• Restrict udiv optimization to case where both are singletons #737: Optimizations in modulo operations within the interval_t class, relevant to the arithmetic operations in this PR.
• Reject binary ops where the source is an uninitialized register #740: Introduces assertions for operations involving uninitialized registers, which may relate to control flow adjustments in this PR.
• Fix off-by-one error in stack access check #755: Changes in stack access validation that connect to improvements in handling arithmetic operations.

Suggested reviewers

• dthaler

Poem

In the land of code where rabbits play,
Shifts and signs dance in a bright array.
With careful checks and bounds so neat,
Our numbers leap, a joyful feat!
So let us hop and celebrate,
For arithmetic now feels first-rate! 🐰✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE

📥 Commits

Reviewing files that changed from the base of the PR and between defa790 and da857be.

📒 Files selected for processing (2)

• src/crab/ebpf_domain.cpp (1 hunks)
• test-data/shift.yaml (1 hunks)

🧰 Additional context used

📓 Learnings (1)

src/crab/ebpf_domain.cpp (1)

Learnt from: elazarg
PR: vbpf/ebpf-verifier#709
File: src/crab/ebpf_domain.cpp:2498-2498
Timestamp: 2024-09-30T22:42:59.728Z
Learning: When casting from larger integer types to smaller signed integer types, prefer using `gsl::narrow` over `static_cast`.

🔇 Additional comments (2)

test-data/shift.yaml (1)

1109-1139: Test case effectively validates unsigned right shift by 0.

The test case is well-structured and thoroughly validates that an unsigned right shift by 0 preserves the original value, which is crucial for the PR's objective of handling value conversions correctly. It uses a carefully chosen test value that has different signed and unsigned representations, making it effective for testing potential overflow scenarios.

src/crab/ebpf_domain.cpp (1)

2377-2378: Properly handling conversion from uvalue to svalue to prevent overflow

The added condition ensures that both ub_n and lb_n fit into int64_t and that ub_n.narrow<int64_t>() is greater than or equal to lb_n.narrow<int64_t>() before assigning dst.svalue to dst.uvalue. This validation prevents potential overflow issues when converting unsigned values to signed values and ensures the correctness of the interval assignment.

[coveralls]

coverage: 90.484% (+0.01%) from 90.473%
when pulling d885eba on Alan-Jowett:issue766
into defa790 on vbpf:main.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE

📥 Commits

Reviewing files that changed from the base of the PR and between da857be and 609e11f.

📒 Files selected for processing (2)

• src/crab/ebpf_domain.cpp (1 hunks)
• test-data/shift.yaml (1 hunks)

🧰 Additional context used

📓 Learnings (1)

src/crab/ebpf_domain.cpp (1)

Learnt from: elazarg
PR: vbpf/ebpf-verifier#709
File: src/crab/ebpf_domain.cpp:2498-2498
Timestamp: 2024-09-30T22:42:59.728Z
Learning: When casting from larger integer types to smaller signed integer types, prefer using `gsl::narrow` over `static_cast`.

🔇 Additional comments (4)

test-data/shift.yaml (3)

1109-1145: LGTM! Well-structured test case for edge value.

The test case effectively verifies the idempotent property of right shift by 0 using the maximum negative signed 64-bit value (0x8000000000000000), which is a crucial edge case for testing overflow scenarios.

---

1146-1183: LGTM! Complementary test case for valid boundary value.

The test case provides good coverage by testing the maximum positive signed 64-bit value (0x7fffffffffffffff), complementing the previous test case to ensure both boundaries of the signed range are verified.

---

1107-1270: Excellent test coverage for unsigned right shift by 0!

The new test cases provide comprehensive coverage of the overflow scenarios:

• Tests both maximum positive and negative 64-bit values
• Verifies behavior with both immediate and register-based shifting
• Maintains consistent verification of both svalue and uvalue preservation
• Includes clear documentation of the test values and their significance

This thoroughly addresses the overflow issue described in the PR and the scenarios from issue #766.

src/crab/ebpf_domain.cpp (1)

2377-2379: Verify the assignment of dst.svalue after logical shift right operation

Assigning dst.svalue to dst.uvalue following the logical shift right may result in unexpected negative values if dst.uvalue exceeds the signed integer range. Please ensure that this assignment is intentional and that the subsequent overflow handling with overflow_signed and overflow_unsigned functions correctly manage any potential overflows or sign issues.

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE

📥 Commits

Reviewing files that changed from the base of the PR and between 609e11f and f4c915a.

📒 Files selected for processing (2)

• src/crab/ebpf_domain.cpp (3 hunks)
• test-data/shift.yaml (1 hunks)

🧰 Additional context used

📓 Learnings (1)

src/crab/ebpf_domain.cpp (1)

Learnt from: elazarg
PR: vbpf/ebpf-verifier#709
File: src/crab/ebpf_domain.cpp:2498-2498
Timestamp: 2024-09-30T22:42:59.728Z
Learning: When casting from larger integer types to smaller signed integer types, prefer using `gsl::narrow` over `static_cast`.

🔇 Additional comments (6)

test-data/shift.yaml (4)

1109-1264: LGTM! Well-structured test cases for unsigned right shift.

The test cases thoroughly verify the idempotent behavior of unsigned right shift by 0 using both MIN_INT64 and MAX_INT64 values, with both immediate and register-based variants.

---

1269-1427: LGTM! Comprehensive test cases for signed right shift.

The test cases effectively verify the idempotent behavior of signed right shift by 0 using both MIN_INT64 and MAX_INT64 values, with both immediate and register-based variants.

---

1429-1586: LGTM! Well-structured test cases for left shift.

The test cases thoroughly verify the idempotent behavior of left shift by 0 using both MIN_INT64 and MAX_INT64 values, with both immediate and register-based variants.

---

1108-1586: LGTM! Excellent test coverage for shift operations.

The added test cases provide comprehensive coverage for shift operations by:

• Testing both signed and unsigned shifts
• Verifying behavior with edge cases (MIN_INT64 and MAX_INT64)
• Including both immediate and register-based variants
• Ensuring proper handling of uvalue/svalue conversions

This aligns well with the PR objective of fixing overflow in conversion from uvalue to svalue.

src/crab/ebpf_domain.cpp (2)

2337-2339: Shift left operation correctly assigns and handles overflow

The assignment of dst.svalue from dst.uvalue and the subsequent overflow checks in the shl function are appropriate.

---

2375-2377: Logical shift right operation correctly assigns and handles overflow

The assignment of dst.svalue from dst.uvalue and the overflow handling in the lshr function are implemented correctly.