<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><br>
I attach a simple proof of concept checker. It will just warn if there is an assignment and RHS is a known negative value. Do you have opinions about the design? Should some alternative approach be used?<br>
<br></blockquote><div><br></div><div>You seem to have substituted a lot of false positives for a lot of false negatives.<div><br></div><div>Why not look to see if the value cannot be provably non-negative? That would resolve the false positive you showed above, but still capture cases where the case only *might* be negative (rather than being guaranteed to be negative). In fact, I think the most interesting case is those where an off-by-one error or some other hidden defect has caused a scenario where almost all cases are positive, but left a couple cases open that the developer did not realize could be negative. Warning in these scenarios that the conversion could be unsafe would be very powerful, I think.</div><div><br></div><div>- Matthew P. Del Buono</div></div><div><br></div></div></div></div>
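The design trade-off in the reply above, shown as an added example that is not code from the thread or from any real checker. A small interval (range) analysis over a constructed expression tree answers both questions for `unsigned u = <rhs>;`: design 1 warns only when the right-hand side is a known negative value (the proof of concept as described), design 2 warns whenever the right-hand side cannot be proven non-negative. The `Const`/`Var`/`BinOp` node types and the `ENV` facts about variables in scope are assumptions made for this illustration.

```python
"""Toy sign-safety checker (example code, not from the thread or any project).
Contrasts "RHS is a known negative value" with "RHS is not provably
non-negative" using a conservative interval analysis over an expression tree."""
import math
from dataclasses import dataclass
from typing import Dict, Optional, Tuple, Union

NEG_INF, POS_INF = -math.inf, math.inf
Interval = Tuple[float, float]          # inclusive [lo, hi]; bounds may be infinite


@dataclass(frozen=True)
class Const:
    value: int


@dataclass(frozen=True)
class Var:
    name: str


@dataclass(frozen=True)
class BinOp:
    op: str                              # one of '+', '-', '*'
    left: "Expr"
    right: "Expr"


Expr = Union[Const, Var, BinOp]


def _mul(a: float, b: float) -> float:
    # 0 * inf is NaN in IEEE arithmetic; treat it as 0 so the bounds stay sound.
    return 0 if a == 0 or b == 0 else a * b


def interval(expr: Expr, env: Dict[str, Interval]) -> Interval:
    """Conservative range of expr; an unknown variable is (-inf, +inf)."""
    if isinstance(expr, Const):
        return (expr.value, expr.value)
    if isinstance(expr, Var):
        return env.get(expr.name, (NEG_INF, POS_INF))
    a_lo, a_hi = interval(expr.left, env)
    b_lo, b_hi = interval(expr.right, env)
    if expr.op == "+":
        return (a_lo + b_lo, a_hi + b_hi)
    if expr.op == "-":
        return (a_lo - b_hi, a_hi - b_lo)
    if expr.op == "*":
        corners = [_mul(a_lo, b_lo), _mul(a_lo, b_hi),
                   _mul(a_hi, b_lo), _mul(a_hi, b_hi)]
        return (min(corners), max(corners))
    raise ValueError(f"unsupported operator {expr.op!r}")


def known_negative(expr: Expr, env: Dict[str, Interval]) -> bool:
    """Design 1 (the proof of concept): warn only if the RHS is always negative."""
    _, hi = interval(expr, env)
    return hi < 0


def not_provably_non_negative(expr: Expr, env: Dict[str, Interval]) -> bool:
    """Design 2 (the suggestion): warn unless the RHS is proven non-negative."""
    lo, _ = interval(expr, env)
    return lo < 0


def check_unsigned_assignment(rhs: Expr, env: Dict[str, Interval]) -> Dict[str, Optional[str]]:
    """What each design reports for `unsigned u = <rhs>;`."""
    lo, hi = interval(rhs, env)
    return {
        "range": f"[{lo}, {hi}]",
        "known_negative": "warning: RHS is always negative" if known_negative(rhs, env) else None,
        "may_be_negative": "warning: RHS may be negative" if not_provably_non_negative(rhs, env) else None,
    }


# Constructed facts about variables in scope (as an earlier analysis might record):
# `len` is a non-negative size, `i` is a loop index in 0..9, `x` is unknown.
ENV: Dict[str, Interval] = {"len": (0, POS_INF), "i": (0, 9)}

# Constructed right-hand sides of `unsigned u = ...;` assignments.
EXAMPLES: Dict[str, Expr] = {
    "u = -1":       Const(-1),
    "u = len - 1":  BinOp("-", Var("len"), Const(1)),   # off-by-one: len == 0 gives -1
    "u = len + 1":  BinOp("+", Var("len"), Const(1)),
    "u = i - 10":   BinOp("-", Var("i"), Const(10)),
    "u = i * i":    BinOp("*", Var("i"), Var("i")),
    "u = x":        Var("x"),
}

if __name__ == "__main__":
    for src, rhs in EXAMPLES.items():
        print(src.ljust(12), check_unsigned_assignment(rhs, ENV))
```

The `len - 1` case is the off-by-one scenario from the reply: almost every value is non-negative, but `len == 0` yields -1, so design 1 stays silent while design 2 warns. The cost of design 2 is that its false-positive rate is set by the precision of the range analysis: with `x` in [-5, 5], plain interval arithmetic gives `x * x` the range [-25, 25] and warns even though the product is never negative, so a production checker would need a more precise abstract domain or flow-sensitive facts to keep such reports down.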