JS: Promote js/loop-iteration-skipped-due-to-shifting to the Code Quality suite
#19743
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR promotes the js/loop-iteration-skipped-due-to-shifting query to the Code Quality suite, refines its false-positive logic, and adds corresponding tests.
- Updated query metadata and suite inclusion for Code Quality promotion
- Excluded splice calls used in conditional guards from false positives
- Extended tests and expected results for both true positives and a retained false positive
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| javascript/ql/test/query-tests/Statements/LoopIterationSkippedDueToShifting/tst.js | Added test functions covering try/catch, logical-and, and if‐guards |
| javascript/ql/test/query-tests/Statements/LoopIterationSkippedDueToShifting/LoopIterationSkippedDueToShifting.expected | Added expected alerts for new true-positive cases |
| javascript/ql/src/change-notes/2025-06-12-loop-iteration.md | Documented addition of reliability tag |
| javascript/ql/src/change-notes/2025-06-12-loop-iteration-fix.md | Noted fix for false positives when splice is used in conditions |
| javascript/ql/src/Statements/LoopIterationSkippedDueToShifting.ql | Changed tags to quality, added guard to skip splice-in-condition |
| javascript/ql/integration-tests/query-suite/javascript-code-quality.qls.expected | Included the query in the JavaScript Code Quality suite |
Comments suppressed due to low confidence (2)
javascript/ql/src/Statements/LoopIterationSkippedDueToShifting.ql:9
- The
reliabilityandcorrectnesslines aren’t prefixed with@tags, so they may not be recognized. Consider combining all tags on one annotation, e.g.* @tags quality reliability correctness.
* reliability
javascript/ql/src/change-notes/2025-06-12-loop-iteration.md:4
- [nitpick] Since the PR also promotes this query to the Code Quality suite, consider adding a bullet note about that promotion to keep change-notes in sync with the integration-test update.
* The `js/loop-iteration-skipped-due-to-shifting` query has been updated with `reliability` tag.
| function withTryCatch(pendingCSS) { | ||
| for (let i = 0; i < pendingCSS.length; ++i) { | ||
| try { | ||
| pendingCSS.splice(i, 1); // $ SPURIOUS:Alert |
There was a problem hiding this comment.
I don't understand why this code is safe (i.e. why the alert is spurious). As far as I can tell, splice doesn't raise an exception, so it seems to me that in some cases i can get decremented without actually removing any items.
There was a problem hiding this comment.
You are right that it could be a true positive!
This is a situation where the autofix tool correctly refuses to provide a fix because the alert is a false positive. In this specific code, there is nothing that could throw an exception between the call to splice and the decrement of i. As a result, there is no risk of accidentally skipping iterations. However, if any code that could potentially throw an exception were added between the splice operation and the decrement of i, then the alert would be justified.
There was a problem hiding this comment.
I'm confused. So is this a false positive or not? Or put differently: what is the value in marking it as "spurious"?
There was a problem hiding this comment.
Yeah, in this case it really is a false positive, the loop won’t skip anything, since there’s no way an exception could happen between splice and i -= 1.
The reason I marked it as spurious is because it is a false positive and I wanted to expand our test coverage a bit. Plus, if we ever change something elsewhere and this test suddenly failing, showing something like “FIXED SPURIOUS ALERT!”, which then proves that their changes had a positive effect?
Maybe it would of been better if I have added one more test case?
function withTryCatch2(pendingCSS) {
for (let i = 0; i < pendingCSS.length; ++i) {
try {
pendingCSS.splice(i, 1); // $Alert
throw new Error("Something went wrong!");
i -= 1;
} catch (ex) {}
}
}
javascript/ql/src/change-notes/2025-06-12-loop-iteration-fix.md
Outdated
Show resolved
Hide resolved
Co-authored-by: Taus <tausbn@github.com>
Co-authored-by: Taus <tausbn@github.com>
The following pull request makes changes to
js/loop-iteration-skipped-due-to-shifting:spliceis used as a condition that adjusts the loop counter.MRVA shows good results (61 out of which most are true positives).
Autofixseems to be able to do the job, it even marked the false positive which I have mentioned before as false positive 🤯