Skip to content

Demo#2757

Draft
oxisto wants to merge 8 commits into
mainfrom
oxisto/demo
Draft

Demo#2757
oxisto wants to merge 8 commits into
mainfrom
oxisto/demo

Conversation

@oxisto

@oxisto oxisto commented May 20, 2026

Copy link
Copy Markdown
Member

Might be split into smaller PRs

oxisto and others added 5 commits May 20, 2026 21:47
- IntegerValue.kt: MemberAccess now joins the per-field declaration-state
  interval with field-name-filtered prevDFG sources, so `p.x` reads see
  inter-procedural writes (e.g. `set_point_x(&p, 99)`) without leaking
  values across `p.x` / `p.y`.
- DeclarationState.lub: re-fold by value-equality after MapLattice's
  IdentityHashMap lub, so two autoboxed Integer keys with the same hash
  (e.g. branch1 `buf=malloc(16)`, branch2 `buf=malloc(64)`) merge into
  one entry with the LUB'd interval `[16, 64]`.
- AbstractIntervalEvaluator.evaluate: three-way lookup — prefer state
  per-AST-node, fall back to declaration state, finally retain TOP for
  unbounded params so `couldExceed` keeps flagging unsafe strcpy.
- intervalAtOrBottom helper to distinguish "no info" (BOTTOM) from
  "could be anything" (TOP) when joining with DFG-derived intervals.
- KotlinReplHighlighter: light syntax highlighting for the codyze REPL
  (keywords, strings, numbers, comments, meta-commands).
- README: trim the PointsToPass slot — drop redundant intra-procedural
  variants now subsumed by the inter-procedural example, and show the
  IntegerIntervalEvaluator side-by-side with MultiValueEvaluator.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@codecov

codecov Bot commented May 21, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 8.06023% with 1038 lines in your changes missing coverage. Please review.
✅ Project coverage is 69.96%. Comparing base (bd8fc20) to head (d96fcb4).
⚠️ Report is 20 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
...ofer/aisec/codyze/console/repl/NodeLinkRenderer.kt 0.00% 219 Missing and 1 partial ⚠️
...e/fraunhofer/aisec/codyze/console/repl/ReplLoop.kt 0.00% 158 Missing ⚠️
...aisec/codyze/console/repl/KotlinReplHighlighter.kt 0.00% 89 Missing ⚠️
...aunhofer/aisec/codyze/console/repl/FlowExporter.kt 0.00% 84 Missing ⚠️
...ofer/aisec/codyze/console/repl/KotlinReplParser.kt 0.00% 84 Missing ⚠️
...ec/cpg/analysis/abstracteval/value/IntegerValue.kt 20.87% 65 Missing and 7 partials ⚠️
...raunhofer/aisec/codyze/console/repl/ReplService.kt 0.00% 67 Missing and 2 partials ⚠️
...r/aisec/codyze/console/repl/DiagnosticFormatter.kt 0.00% 43 Missing ⚠️
...n/de/fraunhofer/aisec/codyze/console/repl/Theme.kt 0.00% 40 Missing ⚠️
...raunhofer/aisec/codyze/console/repl/ReplCommand.kt 0.00% 33 Missing ⚠️
... and 12 more

❌ Your patch check has failed because the patch coverage (8.06%) is below the target coverage (75.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files
Files with missing lines Coverage Δ
...kotlin/de/fraunhofer/aisec/codyze/console/Nodes.kt 47.49% <100.00%> (+0.40%) ⬆️
...n/kotlin/de/fraunhofer/aisec/codyze/Application.kt 0.00% <0.00%> (ø)
...nhofer/aisec/cpg/evaluation/MultiValueEvaluator.kt 46.59% <0.00%> (-0.25%) ⬇️
...kotlin/de/fraunhofer/aisec/cpg/graph/Extensions.kt 61.07% <0.00%> (-0.10%) ⬇️
.../fraunhofer/aisec/codyze/console/ConsoleService.kt 50.59% <85.71%> (+5.01%) ⬆️
...isec/cpg/analysis/abstracteval/value/ArrayValue.kt 63.63% <55.55%> (+25.33%) ⬆️
.../fraunhofer/aisec/codyze/console/CpgQueryScript.kt 0.00% <0.00%> (ø)
...aisec/cpg/analysis/abstracteval/LatticeInterval.kt 43.13% <0.00%> (-1.10%) ⬇️
...analysis/abstracteval/AbstractIntervalEvaluator.kt 62.77% <58.62%> (-1.62%) ⬇️
...aisec/cpg/passes/concepts/LoadPersistedConcepts.kt 67.25% <67.56%> (-0.22%) ⬇️
... and 13 more

... and 5 files with indirect coverage changes

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Comment thread codyze/build.gradle.kts
// Both are out of our control. We pin the flags here so the generated start
// scripts (codyze, codyze.bat) inherit them.
applicationDefaultJvmArgs =
listOf("--sun-misc-unsafe-memory-access=allow", "--enable-native-access=ALL-UNNAMED")

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The option --sun-misc-unsafe-memory-access=allow fails on my java openjdk with "unknown option".
Can we move this to gradle.properties if needed?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Its not needed anymore actually, that sentence can be removed

.optionalLanguage("de.fraunhofer.aisec.cpg.frontends.ini.IniFileLanguage")
.codeInNodes(true)

if (request.includeDir != null) {

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice to also have support for json compilation database and unity-build option.
Not sure how we can do this in a usable/smart way when loading code via the codyze console.
No sure if unity-build mode is a no-op for languages other than CXX.

@peckto peckto left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the console improvements and the documented Demo!
Two things I came along when playing with it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants