/**

* @name Lossy pointer cast

* @description A pointer type is converted to a smaller integer type. This may

* lead to loss of information in the variable and is highly

* non-portable.

* @kind problem

* @problem.severity warning

* @precision high

* @id cpp/lossy-pointer-cast

* @tags reliability

* correctness

* types

*/

import cpp

predicate lossyPointerCast(Expr e, PointerType pt, IntegralType it) {

not it instanceof BoolType and

e.getConversion().getType().getUnderlyingType() = it and

e.getType().getUnderlyingType() = pt and

it.getSize() < pt.getSize() and

not e.isInMacroExpansion() and

// low bits of pointers are sometimes used to store flags

not exists(BitwiseAndExpr a | a.getAnOperand() = e)

}

from Expr e, PointerType pt, IntegralType it

where lossyPointerCast(e, pt, it)

select e, "Converted from " + pt.getName() + " to smaller type " + it.getName()