Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Find likely signed integer overflows with octopus/gremlin
// Cute octopus/gremlin query to find all expressions of the form 'foo < 0 ? foo : -foo', these cases are
// likely to not take signed overflow into account, e.g. 0x80000000 (negative signed int max) * -1 = 0x80000000.
g.V().has('type', 'ConditionalExpression')
.sideEffect { lval = g.V(it.get()).out(AST_EDGE).has('childNum', '1')[0].value('code').replace("- ", "") }
.filter { lval.matches("[^0-9].*") }
.sideEffect { rval = g.V(it.get()).out(AST_EDGE).has('childNum', '2')[0].value('code').replace("- ", "") }
.filter { lval == rval }
.out(AST_EDGE).has('childNum', '0').astNodes().filter { it.get().value('code') == lval }
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment