fix: correct safe integer range for bitwise ops

thevilledev · thevilledev · commit 2a08552e414b · 2025-03-30T20:31:28.000+03:00
IEEE 754 double-precision floating-point numbers can precisely
represent all integers in the range [-2^53, 2^53]. The previous
implementation incorrectly used the range [-(2^53 - 1), 2^53 - 1]
when checking if a double could be safely converted to an int64
for bitwise operations.

This commit updates the `safeDoubleToInt64` function and its
associated comments and tests to use the correct safe integer range,
aligning with the IEEE 754 standard and Jsonnet documentation.
Test cases have been adjusted to verify the new boundaries and
fix related assertions.

Signed-off-by: Ville Vesilehto &lt;ville@vesilehto.fi&gt;
diff --git a/core/vm.cpp b/core/vm.cpp
@@ -3421,9 +3421,9 @@ inline int64_t safeDoubleToInt64(double value, const internal::LocationRange& lo
     }
 
     // Constants for safe double-to-int conversion
-    // IEEE 754 doubles precisely represent integers up to 2^53, beyond which precision is lost
-    constexpr int64_t DOUBLE_MAX_SAFE_INTEGER = (1LL << 53) - 1;
-    constexpr int64_t DOUBLE_MIN_SAFE_INTEGER = -((1LL << 53) - 1);
+    // Jsonnet uses IEEE 754 doubles, which precisely represent integers in the range [-2^53, 2^53].
+    constexpr int64_t DOUBLE_MAX_SAFE_INTEGER = 1LL << 53;
+    constexpr int64_t DOUBLE_MIN_SAFE_INTEGER = -(1LL << 53);
 
     // Check if the value is within the safe integer range
     if (value < DOUBLE_MIN_SAFE_INTEGER || value > DOUBLE_MAX_SAFE_INTEGER) {
diff --git a/core/vm.h b/core/vm.h
@@ -134,10 +134,10 @@ std::vector<std::string> jsonnet_vm_execute_stream(
  * This function is used primarily for bitwise operations which require integer operands.
  * It performs two safety checks:
  * 1. Verifies the value is finite (not NaN or Infinity)
- * 2. Ensures the value is within the safe integer range (±(2^53-1))
+ * 2. Ensures the value is within the safe integer range [-2^53, 2^53]
  *
  * The safe integer range limitation is necessary because IEEE 754 double precision
- * floating point numbers can only precisely represent integers up to 2^53.
+ * floating point numbers can only precisely represent integers in the range [-2^53, 2^53].
  * Beyond this range, precision is lost, which would lead to unpredictable results
  * in bitwise operations that depend on exact bit patterns.
  *
diff --git a/test_suite/error.integer_conversion.jsonnet b/test_suite/error.integer_conversion.jsonnet
@@ -1,3 +1,3 @@
 // Value just beyond MAX_SAFE_INTEGER (2^53)
-local beyond_max = 9007199254740992;  // 2^53
+local beyond_max = 9007199254740994;  // 2^53 + 1
 beyond_max << 1  // Should throw error "numeric value outside safe integer range for bitwise operation"
diff --git a/test_suite/safe_integer_conversion.jsonnet b/test_suite/safe_integer_conversion.jsonnet
@@ -1,19 +1,34 @@
 // Test values at boundary of safe integer range
-std.assertEqual(~9007199254740991, -9007199254740992) &&  // ~MAX_SAFE_INTEGER
-std.assertEqual(~(-9007199254740991), 9007199254740990) &&  // ~MIN_SAFE_INTEGER
+local max_safe = 9007199254740992; // 2^53
+local min_safe = -9007199254740992; // -2^53
+
+std.assertEqual(max_safe & 1, 0) && // Check 2^53
+std.assertEqual(min_safe & 1, 0) && // Check -2^53
+std.assertEqual((max_safe - 1) & 1, 1) && // Check 2^53 - 1
+std.assertEqual((min_safe + 1) & 1, 1) && // Check -2^53 + 1
+
+std.assertEqual(~(max_safe - 1), min_safe) &&  // ~(2^53 - 1) == -2^53
+std.assertEqual(~(min_safe + 1), max_safe - 2) &&  // ~(-2^53 + 1) == 2^53 - 2
 
 // Test basic values
 std.assertEqual(~0, -1) &&
 std.assertEqual(~1, -2) &&
 std.assertEqual(~(-1), 0) &&
 
 // Test shift operations with large values at safe boundary
-// MAX_SAFE_INTEGER (2^53-1) right shift by 4 bits
-std.assertEqual(9007199254740991 >> 4, 562949953421311) &&
-// MAX_SAFE_INTEGER (2^53-1) left shift by 1 bit (result is still precisely representable)
-std.assertEqual(9007199254740991 << 1, 18014398509481982) &&
-// (2^52-1) left shift by 1 bit (result is MAX_SAFE_INTEGER-1)
-std.assertEqual(4503599627370495 << 1, 9007199254740990) &&
+// (2^53 - 1) right shift by 4 bits
+std.assertEqual((max_safe - 1) >> 4, 562949953421311) &&
+// MAX_SAFE_INTEGER (2^53) right shift by 1 bit
+std.assertEqual(max_safe >> 1, 4503599627370496) && // 2^52
+// MIN_SAFE_INTEGER (-2^53) right shift by 1 bit
+std.assertEqual(min_safe >> 1, -4503599627370496) && // -2^52
+
+// Cannot left shift 2^53 without potential overflow/loss of precision issues
+// depending on the shift amount, but can shift smaller numbers up to it.
+// (2^52) left shift by 1 bit (result is 2^53)
+std.assertEqual((max_safe >> 1) << 1, max_safe) &&
+// (-2^52) left shift by 1 bit (result is -2^53)
+std.assertEqual((min_safe >> 1) << 1, min_safe) &&
 
 // Test larger values within safe range
 std.assertEqual(~123456789, -123456790) &&

Original file line number	Diff line number	Diff line change
`@@ -134,10 +134,10 @@ std::vector<std::string> jsonnet_vm_execute_stream(`
`134`	`134`	`* This function is used primarily for bitwise operations which require integer operands.`
`135`	`135`	`* It performs two safety checks:`
`136`	`136`	`* 1. Verifies the value is finite (not NaN or Infinity)`
`137`		`- * 2. Ensures the value is within the safe integer range (±(2^53-1))`
	`137`	`+ * 2. Ensures the value is within the safe integer range [-2^53, 2^53]`
`138`	`138`	`*`
`139`	`139`	`* The safe integer range limitation is necessary because IEEE 754 double precision`
`140`		`- * floating point numbers can only precisely represent integers up to 2^53.`
	`140`	`+ * floating point numbers can only precisely represent integers in the range [-2^53, 2^53].`
`141`	`141`	`* Beyond this range, precision is lost, which would lead to unpredictable results`
`142`	`142`	`* in bitwise operations that depend on exact bit patterns.`
`143`	`143`	`*`