Query module ComparisonWithWiderType

name: Comparison of narrow type with wide type in loop condition
description: Comparisons between types of different widths in a loop condition can cause the loop to behave unexpectedly.
id: cpp/comparison-with-wider-type
kind: problem
problem.severity: warning
precision: medium
tags: reliability, security, external/cwe/cwe-190, external/cwe/cwe-197, external/cwe/cwe-835
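
The loop shape this query describes, next to a version with matching widths, as an added example (not code from the query or its repository). The function names and the `cap` guard are assumptions made for the demonstration; the guard exists only so the non-terminating case can be observed safely.

```c
#include <stdint.h>
#include <stdio.h>

/* Narrow counter, wide bound: 'i' is 16 bits, 'limit' is 32 bits.
 * For the comparison 'i' is widened, but i++ still wraps 65535 -> 0
 * (CWE-190/CWE-197), so for limit > 65535 the condition never becomes
 * false (CWE-835). 'cap' is a hypothetical guard that stops the demo. */
uint32_t iterations_narrow(uint32_t limit, uint32_t cap)
{
    uint32_t steps = 0;
    for (uint16_t i = 0; i < limit; i++) {
        if (++steps == cap)
            return cap;          /* without the guard: infinite loop */
    }
    return steps;
}

/* Same loop with the counter as wide as the bound: it always reaches
 * 'limit' and terminates. */
uint32_t iterations_wide(uint32_t limit, uint32_t cap)
{
    uint32_t steps = 0;
    for (uint32_t i = 0; i < limit; i++) {
        if (++steps == cap)
            return cap;
    }
    return steps;
}

int main(void)
{
    const uint32_t cap = 200000;                 /* constructed demo value */
    const uint32_t limits[] = { 1000, 65535, 65536, 70000 };

    for (size_t k = 0; k < sizeof limits / sizeof limits[0]; k++) {
        uint32_t n = iterations_narrow(limits[k], cap);
        uint32_t w = iterations_wide(limits[k], cap);
        printf("limit=%u narrow=%u%s wide=%u\n",
               (unsigned)limits[k], (unsigned)n,
               n == cap ? " (hit guard, would not terminate)" : "",
               (unsigned)w);
    }
    return 0;
}
```

The behaviour changes exactly at `limit == 65536`, the first bound the 16-bit counter cannot reach, which is why such loops pass tests with small inputs.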

Imports

Dominance

Provides dominance predicates for control-flow nodes.

SSA
SimpleRangeAnalysis

Simple range analysis library. Range analysis is usually done as an abstract interpretation over the lattice of range values. (A range is a pair, containing a lower and upper bound for the value.) The problem with this approach is that the lattice is very tall, which means it can take an extremely large number of iterations to find the least fixed point. This example illustrates the problem:

cpp

Provides classes and predicates for working with C/C++/ObjC/ObjC++ code.

Predicates

friendlyLoc
getComparisonSize

C++ references are all pointer width, but the comparison takes place with the pointed-to value.

loopVariant