C++: Add test to demonstrate use-after-cast bugs

2026-04-28 18:25:24 +02:00 · 2019-03-07 11:44:23 +01:00
parent fa260872b5
commit ad61b4f55e
3 changed files with 20 additions and 0 deletions
--- a/cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/lowerBound.expected
+++ b/cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/lowerBound.expected
@@ -459,3 +459,8 @@
 | test.cpp:67:13:67:14 | xb | 0.0 |
 | test.cpp:69:10:69:10 | b | 0.0 |
 | test.cpp:69:21:69:21 | t | 0.0 |
+| test.cpp:74:30:74:30 | c | 0.0 |
+| test.cpp:74:34:74:34 | c | 0.0 |
+| test.cpp:75:22:75:30 | c_times_2 | 0.0 |
+| test.cpp:77:5:77:13 | c_times_2 | 0.0 |
+| test.cpp:79:3:79:11 | c_times_2 | 0.0 |
--- a/cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/test.cpp
+++ b/cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/test.cpp
@@ -68,3 +68,13 @@ bool test3(bool b, int x, int y) {

  return b || (bool)t;
 }
+
+void use_after_cast(unsigned char c)
+{
+  unsigned short c_times_2 = c + c;
+  if ((unsigned char)c_times_2 == 0)
+  {
+    c_times_2; // BUG: upper bound should be 510, not 0
+  }
+  c_times_2; // BUG: upper bound should be 510, not 255
+}
--- a/cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/upperBound.expected
+++ b/cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/upperBound.expected
@@ -459,3 +459,8 @@
 | test.cpp:67:13:67:14 | xb | 1.0 |
 | test.cpp:69:10:69:10 | b | 1.0 |
 | test.cpp:69:21:69:21 | t | 3.0 |
+| test.cpp:74:30:74:30 | c | 255.0 |
+| test.cpp:74:34:74:34 | c | 255.0 |
+| test.cpp:75:22:75:30 | c_times_2 | 510.0 |
+| test.cpp:77:5:77:13 | c_times_2 | 0.0 |
+| test.cpp:79:3:79:11 | c_times_2 | 255.0 |