Harden cost arithmetic against int64 overflow

Co-authored-by: Andrey G <networmix@gmail.com>

Author: cursoragent

include/netgraph/core/cost_utils.hpp

@@ -0,0 +1,41 @@
+/* Overflow-safe helpers for Cost arithmetic. */
+#pragma once
+
+#include <cmath>
+#include <limits>
+
+#include "netgraph/core/types.hpp"
+
+namespace netgraph::core {
+
+[[nodiscard]] inline constexpr Cost cost_max() noexcept {
+  return std::numeric_limits<Cost>::max();
+}
+
+// Largest finite cost value (keeps cost_max() reserved as "infinity"/unreachable).
+[[nodiscard]] inline constexpr Cost cost_finite_max() noexcept {
+  return static_cast<Cost>(std::numeric_limits<Cost>::max() - 1);
+}
+
+// Saturating add for path costs. If either argument is "infinity" (max), or
+// the sum would overflow, returns cost_finite_max().
+[[nodiscard]] inline constexpr Cost saturating_cost_add(Cost a, Cost b) noexcept {
+  if (a == cost_max() || b == cost_max()) return cost_max();
+  if (a >= cost_finite_max() || b >= cost_finite_max()) return cost_finite_max();
+  if (b > 0 && a > cost_finite_max() - b) return cost_finite_max();
+  if (b < 0 && a < std::numeric_limits<Cost>::min() - b) return std::numeric_limits<Cost>::min();
+  return static_cast<Cost>(a + b);
+}
+
+// Saturating conversion of base*factor into Cost to avoid UB from out-of-range
+// float->int conversions.
+[[nodiscard]] inline Cost saturating_cost_mul_factor(Cost base, double factor) noexcept {
+  if (base <= 0 || factor <= 0.0) return static_cast<Cost>(0);
+  const long double scaled = static_cast<long double>(base) * static_cast<long double>(factor);
+  const long double hi = static_cast<long double>(cost_finite_max());
+  if (!std::isfinite(static_cast<double>(scaled)) || scaled >= hi) return cost_finite_max();
+  if (scaled <= 0.0L) return static_cast<Cost>(0);
+  return static_cast<Cost>(scaled);
+}
+
+} // namespace netgraph::core

src/flow_policy.cpp

@@ -14,6 +14,7 @@
 */
 #include "netgraph/core/flow_policy.hpp"
 #include "netgraph/core/constants.hpp"
+#include "netgraph/core/cost_utils.hpp"
 #include "netgraph/core/algorithms.hpp"
 #include "netgraph/core/options.hpp"
 #include "netgraph/core/profiling.hpp"
@@ -129,7 +130,8 @@ std::optional<std::pair<PredDAG, Cost>> FlowPolicy::get_path_bundle(const FlowGr
   if (max_path_cost_.has_value() || max_path_cost_factor_.has_value()) {
     double maxf = max_path_cost_factor_.value_or(1.0);
     Cost absmax = max_path_cost_.value_or(std::numeric_limits<Cost>::max());
-    if (dst_cost > std::min<Cost>(absmax, static_cast<Cost>(static_cast<double>(best_path_cost_) * maxf))) return std::nullopt;
+    Cost relmax = saturating_cost_mul_factor(best_path_cost_, maxf);
+    if (dst_cost > std::min<Cost>(absmax, relmax)) return std::nullopt;
   }
   // Ensure there is at least one predecessor for dst
   if (static_cast<std::size_t>(dst) >= dag.parent_offsets.size()-1) return std::nullopt;

src/k_shortest_paths.cpp

@@ -19,6 +19,7 @@
 
 // Use multipath SPF DAG for spur enumeration
 #include "netgraph/core/shortest_paths.hpp"
+#include "netgraph/core/cost_utils.hpp"
 
 namespace netgraph::core {
 
@@ -80,7 +81,7 @@ static std::optional<Path> dijkstra_single(const StrictMultiDiGraph& g, NodeId s
         }
       }
       if (best_eid >= 0) {
-        Cost nd = static_cast<Cost>(d_u + min_edge_cost);
+        Cost nd = saturating_cost_add(d_u, min_edge_cost);
         auto vi = static_cast<std::size_t>(v);
         if (nd < dist[vi]) { dist[vi] = nd; parent[vi] = u; via[vi] = best_eid; pq.emplace(nd, v); }
       }
@@ -197,7 +198,9 @@ std::vector<std::pair<std::vector<Cost>, PredDAG>> k_shortest_paths(
         dist[static_cast<std::size_t>(P.nodes.front())] = 0;
         for (std::size_t i = 1; i < P.nodes.size(); ++i) {
           auto u = P.nodes[i-1]; auto v = P.nodes[i]; auto e = P.edges[i-1];
-          dist[static_cast<std::size_t>(v)] = dist[static_cast<std::size_t>(u)] + static_cast<Cost>(cost_view[static_cast<std::size_t>(e)]);
+          dist[static_cast<std::size_t>(v)] = saturating_cost_add(
+              dist[static_cast<std::size_t>(u)],
+              static_cast<Cost>(cost_view[static_cast<std::size_t>(e)]));
           dag.parent_offsets[static_cast<std::size_t>(v+1)] = 1;
         }
         for (std::size_t v = 1; v < dag.parent_offsets.size(); ++v) dag.parent_offsets[v] += dag.parent_offsets[v-1];
@@ -234,7 +237,9 @@ std::vector<std::pair<std::vector<Cost>, PredDAG>> k_shortest_paths(
     for (std::size_t idx = 1; idx < last.nodes.size(); ++idx) {
       // edge at idx-1
       auto e = last.edges[idx - 1];
-      prefix_cost[idx] = prefix_cost[idx - 1] + static_cast<Cost>(cost_view[static_cast<std::size_t>(e)]);
+      prefix_cost[idx] = saturating_cost_add(
+          prefix_cost[idx - 1],
+          static_cast<Cost>(cost_view[static_cast<std::size_t>(e)]));
     }
     // Spur node positions 0..len-2
     for (std::size_t j = 0; j + 1 < last.nodes.size(); ++j) {
@@ -300,7 +305,11 @@ std::vector<std::pair<std::vector<Cost>, PredDAG>> k_shortest_paths(
         for (auto e : spur_edges) cand_edges.push_back(e);
         // Compute candidate cost as prefix_cost[j] + sum(spur_edges)
         Cost cand_cost = prefix_cost[j];
-        for (auto e : spur_edges) cand_cost += static_cast<Cost>(cost_view[static_cast<std::size_t>(e)]);
+        for (auto e : spur_edges) {
+          cand_cost = saturating_cost_add(
+              cand_cost,
+              static_cast<Cost>(cost_view[static_cast<std::size_t>(e)]));
+        }
         if (cand_cost > max_cost) continue;
         auto sig = path_signature(cand_edges);
         if (unique && visited.find(sig) != visited.end()) continue;
@@ -332,7 +341,9 @@ std::vector<std::pair<std::vector<Cost>, PredDAG>> k_shortest_paths(
       dist[static_cast<std::size_t>(P.nodes.front())] = 0;
       for (std::size_t i = 1; i < P.nodes.size(); ++i) {
         auto u = P.nodes[i-1]; auto v = P.nodes[i]; auto e = P.edges[i-1];
-        dist[static_cast<std::size_t>(v)] = dist[static_cast<std::size_t>(u)] + static_cast<Cost>(cost_view[static_cast<std::size_t>(e)]);
+        dist[static_cast<std::size_t>(v)] = saturating_cost_add(
+            dist[static_cast<std::size_t>(u)],
+            static_cast<Cost>(cost_view[static_cast<std::size_t>(e)]));
         dag.parent_offsets[static_cast<std::size_t>(v+1)] = 1;
       }
       for (std::size_t v = 1; v < dag.parent_offsets.size(); ++v) dag.parent_offsets[v] += dag.parent_offsets[v-1];

src/shortest_paths.cpp

@@ -170,6 +170,7 @@ resolve_to_paths(const PredDAG& dag, NodeId src, NodeId dst,
 #include <utility>
 #include <vector>
 #include "netgraph/core/constants.hpp"
+#include "netgraph/core/cost_utils.hpp"
 
 namespace netgraph::core {
 
@@ -317,7 +318,7 @@ shortest_paths_core(const StrictMultiDiGraph& g, NodeId src,
       }
       // Update distance and predecessors if we found a better path (or equal-cost with better capacity).
       if (!selected_edges.empty()) {
-        Cost new_cost = static_cast<Cost>(d_u + min_edge_cost);
+        Cost new_cost = saturating_cost_add(d_u, min_edge_cost);
         auto v_idx = static_cast<std::size_t>(v);
 
         // Compute bottleneck capacity along path to v through u for node-level tie-breaking.