Stefan Weil <s...@weilnetz.de> writes:

> On 14.07.2019 at 19:30, Peter Maydell wrote:
> [...]
>> "Analyzer thinks this multiply can overflow
>> but in fact it's not possible" is quite a common false
>> positive cause...
>
>
> The analysers don't complain because a multiply can overflow.
>
> They complain because the code indicates that a larger result is
> expected, for example uint64_t = uint32_t * uint32_t. They would not
> complain for the same multiplication if it were assigned to a uint32_t.

I agree this is an anti-pattern.

> So there is a simple solution to write the code in a way which avoids
> false positives...

You wrote elsewhere in this thread:

    Either the assigned value should use the same data type as the
    factors (possible when there is never an overflow, avoids a size
    extension), or the multiplication could use the larger data type by
    adding a type cast to one of the factors (then an overflow cannot
    happen, static code analysers and human reviewers have an easier
    job, but the multiplication costs more time).

Makes sense to me.
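
The pattern discussed above and the two rewrites quoted from the thread, as an added example that is not part of the original message or of the project's code. The function names and the sample factors are hypothetical, and it assumes a platform where `int` is 32 bits wide.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Anti-pattern from the thread: uint64_t = uint32_t * uint32_t.
 * The multiply is done in 32 bits and wraps modulo 2^32; only the
 * already-wrapped result is widened to 64 bits. */
uint64_t size_narrow_mul(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Rewrite 2: cast one factor so the multiply itself is 64-bit.
 * The product of two 32-bit values always fits in 64 bits. */
uint64_t size_wide_mul(uint32_t count, uint32_t elem_size)
{
    return (uint64_t)count * elem_size;
}

/* Rewrite 1: keep the result in the factors' type. That is only
 * correct when the product fits, so this variant checks the
 * assumption and reports failure instead of returning a wrapped value. */
bool size_same_type(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    uint64_t wide = (uint64_t)count * elem_size;
    if (wide > UINT32_MAX) {
        return false;
    }
    *out = (uint32_t)wide;
    return true;
}

int main(void)
{
    /* Constructed sample: 2^16 * 2^16 = 2^32, one past UINT32_MAX. */
    uint32_t count = 0x10000, elem_size = 0x10000, s32 = 0;

    printf("narrow multiply: %llu\n",
           (unsigned long long)size_narrow_mul(count, elem_size));
    printf("wide multiply:   %llu\n",
           (unsigned long long)size_wide_mul(count, elem_size));
    printf("fits in 32 bits: %s\n",
           size_same_type(count, elem_size, &s32) ? "yes" : "no");
    return 0;
}
```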