[llvm-bugs] [Bug 39138] New: Missing SymbolCast for explicit integer downcasts
via llvm-bugs
llvm-bugs at lists.llvm.org
Mon Oct 1 03:37:14 PDT 2018
https://bugs.llvm.org/show_bug.cgi?id=39138
Bug ID: 39138
Summary: Missing SymbolCast for explicit integer downcasts
Product: clang
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
Assignee: dcoughlin at apple.com
Reporter: adam.balogh at ericsson.com
CC: llvm-bugs at lists.llvm.org
`ExprEngine` only creates `SymbolCast` for an integer `CastExpr` if the result
is known to be truncated. However it does not create it if the result only "may
be" truncated. These casts are simply ignored which leads to incorrect results:
If `n` is of type `unsigned char` and `m` is a wider `unsigned`, then the range
of `m` is incorrect after this code:
```
assert(n >= 0xfe);
m = (unsigned char)(n + 1);
```
If `n >= 0xfe` then `n` is either `0xfe` or `0xff`, so `m` should be either
`0xff` or `0`. However, the range of `m` in this case is `[0xff..0x100]` which
means that the downcast is ignored.
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20181001/d5404675/attachment.html>
More information about the llvm-bugs
mailing list