https://bugs.llvm.org/show_bug.cgi?id=39138
Bug ID: 39138
Summary: Missing SymbolCast for explicit integer downcasts
Product: clang
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
Assignee: dcough...@apple.com
Reporter: adam.bal...@ericsson.com
CC: llvm-bugs@lists.llvm.org
`ExprEngine` only creates `SymbolCast` for an integer `CastExpr` if the result
is known to be truncated. However it does not create it if the result only "may
be" truncated. These casts are simply ignored which leads to incorrect results:
If `n` is of type `unsigned char` and `m` is a wider `unsigned`, then the range
of `m` is incorrect after this code:
```
assert(n >= 0xfe);
m = (unsigned char)(n + 1);
```
If `n >= 0xfe` then `n` is either `0xfe` or `0xff`, so `m` should be either
`0xff` or `0`. However, the range of `m` in this case is `[0xff..0x100]` which
means that the downcast is ignored.
--
You are receiving this mail because:
You are on the CC list for the bug._______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
