Improve unseeded randomness rule to include potential unreachability check #2019
+18
−9
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 tasks
Member
Author
|
Hmm I don't know if this is even a potential valid solution at all, but atm it doesn't account for something like if (2 < 1) { set.seed(17) }
if (1 < 0) { runif(1) }because both are non-exhaustive branch coverages, but not of the same branches, so .. bleh |
Member
Author
|
yea i dunno i can't figure out how to do this correctly @EagleoutIce :( |
EagleoutIce
reviewed
Nov 11, 2025
| // function calls are already taken care of through the LastCall enrichment itself | ||
| for(const f of func ?? []) { | ||
| if(isConstantArgument(dataflow.graph, f, 0)) { | ||
| if(isConstantArgument(dataflow.graph, f, 0) && (dfgElement.cds === f.cds || happensInEveryBranch(f.cds))) { |
Member
There was a problem hiding this comment.
the happensInEveryBranch should happen under the assumptions of the dfgElement.cds
Member
Author
There was a problem hiding this comment.
What do you mean by "under the assumptions"?
Member
There was a problem hiding this comment.
this should be covered by the tests below :D because technically, i think, we have to remove the dfgElement.cds from f.cds/not consider them if they are on the same path (the if(u) { set.seed() .. if(b) runif() } should catch that)
| })) | ||
| // filter by calls that aren't preceded by a randomness producer | ||
| .filter(element => { | ||
| const dfgElement = dataflow.graph.getVertex(element.searchElement.node.info.id) as DataflowGraphVertexInfo; |
Member
There was a problem hiding this comment.
Can we be sure this exists?
| assertLinter('condition true', parser, 'if(TRUE) { set.seed(17); }\nrunif(1);', 'seeded-randomness', [], { consumerCalls: 1, callsWithFunctionProducers: 1, callsWithAssignmentProducers: 0, callsWithNonConstantProducers: 0 }); | ||
| assertLinter('condition unclear', parser, 'if(1 < 0) { set.seed(17); }\nrunif(1);', 'seeded-randomness', | ||
| [{ range: [2,1,2,8], function: 'runif', certainty: LintingResultCertainty.Certain }], { consumerCalls: 1, callsWithFunctionProducers: 0, callsWithAssignmentProducers: 0, callsWithNonConstantProducers: 1 }); | ||
| assertLinter('condition unclear after definite seed', parser, 'set.seed(17); if(1 < 0) { set.seed(17); }\nrunif(1);', 'seeded-randomness', [], { consumerCalls: 1, callsWithFunctionProducers: 1, callsWithAssignmentProducers: 0, callsWithNonConstantProducers: 0 }); |
Member
There was a problem hiding this comment.
Please use conditionals that are not dead (because we will detect them in the future) stick with uand runif
| [{ range: [2,1,2,8], function: 'runif', certainty: LintingResultCertainty.Certain }], { consumerCalls: 1, callsWithFunctionProducers: 0, callsWithAssignmentProducers: 0, callsWithNonConstantProducers: 0 }); | ||
| assertLinter('condition true', parser, 'if(TRUE) { set.seed(17); }\nrunif(1);', 'seeded-randomness', [], { consumerCalls: 1, callsWithFunctionProducers: 1, callsWithAssignmentProducers: 0, callsWithNonConstantProducers: 0 }); | ||
| assertLinter('condition unclear', parser, 'if(1 < 0) { set.seed(17); }\nrunif(1);', 'seeded-randomness', | ||
| [{ range: [2,1,2,8], function: 'runif', certainty: LintingResultCertainty.Certain }], { consumerCalls: 1, callsWithFunctionProducers: 0, callsWithAssignmentProducers: 0, callsWithNonConstantProducers: 1 }); |
Member
There was a problem hiding this comment.
Maybe we demote this from a certain guess?
| [{ range: [2,1,2,8], function: 'runif', certainty: LintingResultCertainty.Certain }], { consumerCalls: 1, callsWithFunctionProducers: 0, callsWithAssignmentProducers: 0, callsWithNonConstantProducers: 1 }); | ||
| assertLinter('condition unclear after definite seed', parser, 'set.seed(17); if(1 < 0) { set.seed(17); }\nrunif(1);', 'seeded-randomness', [], { consumerCalls: 1, callsWithFunctionProducers: 1, callsWithAssignmentProducers: 0, callsWithNonConstantProducers: 0 }); | ||
| assertLinter('condition exhaustive', parser, 'if(1 < 0) { set.seed(17); } else { set.seed(18); }\nrunif(1);', 'seeded-randomness', [], { consumerCalls: 1, callsWithFunctionProducers: 1, callsWithAssignmentProducers: 0, callsWithNonConstantProducers: 0 }); | ||
| assertLinter('condition reversed', parser, 'set.seed(17);\nif(1 < 0) { runif(1) }', 'seeded-randomness', [], { consumerCalls: 1, callsWithFunctionProducers: 1, callsWithAssignmentProducers: 0, callsWithNonConstantProducers: 0 }); |
Member
There was a problem hiding this comment.
Could you also include
- loops
- nested ifs?
- the random use being part of the same
ifpath - nestes ifs with the random use being nested in the if, e.g.
if(u) { set.seed() .. if(b) runif() }(which shouldn't trigger)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.