https://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542

--- Comment #12 from Zhang Boyang <zhangboyang.id at gmail dot com> ---
Hi,

Sorry for filing a duplicate bug. But I'd like to suggest reconsidering this
feature request. Here are two reasons:

1) "u64 = 1 << u32", "u64 = u32 * u32" are common mistakes for beginners,

2) These expressions may introduce vulnerability especially on now-widely-used
64-bit machines:
  On a typical 64-bit machine, it's ok to write:
    unsigned x = ...;
    malloc(sizeof(...) + x)
  but it will introduce vulnerability with a trivial change of "*2", i.e.:
    malloc(sizeof(...) + x * 2)
If the expression is very long, it's very hard to find out where the bug is.

Instead of warning on multiplies, I suggest a new "-Wexpr-conversion": it will
detect and warn on implicit conversions if and only if: 1) the conversion is to a
wider variable, and 2) the value is a real expression (i.e. the result of
operators, like a*b; but not a variable, a function call or an explicit cast).

For example, it should warn on:

  uint64_t u64 = ...;
  uint32_t u32 = ...;
  u64 = 1 << u32;
    //  ^^^^^^^^
    //   suggests "u64 = (uint64_t)1 << (uint64_t)u32"
    //   suppressed by "u64 = (uint32_t)(1 << u32)"

But not on:
  u64 = u32;
  u64 = (u32)(...);
  u64 = f(...);

This might be a kind of noisy warning like "-Wconversion" but I believe it will
help some people (we can just disable it by default).

Zhang Boyang
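
As an added illustration of the truncation described in the comment above (example code, not from the bug report or from GCC): each narrow-then-widen helper is shown beside its widen-first fix, plus a checked variant, with function names chosen here. It assumes `unsigned`/`uint32_t` is 32 bits wide, as on every mainstream 64-bit target.

```c
#include <stdint.h>

/* Helpers added for illustration (not from the bug report or GCC).
 * They assume unsigned int / uint32_t is 32 bits wide. */

/* u64 = u32 * u32: the product is computed in 32-bit unsigned arithmetic
 * and wraps modulo 2^32 before the result is widened to 64 bits. */
uint64_t product_narrow(uint32_t a, uint32_t b)
{
    return a * b;
}

/* Widen one operand first so the multiplication happens in 64 bits. */
uint64_t product_wide(uint32_t a, uint32_t b)
{
    return (uint64_t)a * b;
}

/* The malloc(sizeof(...) + x * 2) case from the comment: x * 2 wraps
 * in 32 bits, so a huge x yields a tiny allocation size. */
uint64_t alloc_size_narrow(unsigned x)
{
    return sizeof(uint64_t) + x * 2;
}

/* Widen x before multiplying; the addition then also happens in 64 bits. */
uint64_t alloc_size_wide(unsigned x)
{
    return sizeof(uint64_t) + (uint64_t)x * 2;
}

/* Defensive variant: compute in 64 bits with overflow checks and refuse a
 * size larger than the caller's limit. Returns 0 on failure (a valid size
 * is never 0 because sizeof(uint64_t) is always added). */
uint64_t alloc_size_checked(unsigned x, uint64_t max)
{
    uint64_t bytes;
    if (__builtin_mul_overflow((uint64_t)x, 2, &bytes) ||
        __builtin_add_overflow(bytes, sizeof(uint64_t), &bytes) ||
        bytes > max)
        return 0;
    return bytes;
}
```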
