sry for noise, this was part of the history diffs!

Is APInt used anywhere?

Good catch thx.

It's a leftover indeed thx for noticing.

I think this comment is now outdated.

Here and in the matcher below:

isInTemplateInstantiation is a wide range, if you match only on isTypeDependent() it would remove the false negatives from templates but still catch clear cases that are within a template function.

With the current implementation non-type-templates would be ignored as well.
IMHO that could be done in a follow-up to keep the scope on one thing.

Please enclose that struct with an anonymous namespace

please remove that const as its uncommon to qualify values in LLVM code.

Maybe repleace One with 1.0? It sounds slightly weird with the following Ones

what about value dependentness? That is resolveable, but i believe ignored here

narrowing to bool is not nice either. I would prefer diagnosing these too.

please no const and auto as well, as the type is not obvious.

please no const

you can shorten this condition with isDependentType

please no const

you could remove both temporaries and return directly and then ellide the braces.
If you don't like that please remove the const

Please reword that slightly. The narrowing conversions are defined by the standard, we just implement it "partially" or so.

llvm doesn't add a name to the TODOs.

The necessity to use the correct literal might still be there even if the number is in range: the precisions differ. I believe it could have differences on non-integer values what literal you use respectively.

could you please add tests with integer arithmetic?

E.g. this:

short n1, n2;
float result = n1 + n2; // 'n1 + n2' is of type 'int' because of integer rules

Sounds good, let's fix this in a follow-up patch.

It's a leftover, I've reworded and changed the code as well.

I tried using the following but it crashes when I run clang tidy other our codebase:

if (LhsType->isDependentType() || RhsType->isDependentType())
    return false;

Maybe I misunderstood what you suggested?

I have to keep both variables or the first one might shortcircuit the second that goes undetected.
e.g. unsigned char c = b ? 1 : -1;

You understood correct, but I was wrong. Could you please try LhsType->isInstantiationDependentType(), as this should involve all kind of template surprises.

Indeed, no problem.

I think it would be clearer to have something like "narrowing conversion from %0 literal to %1"

I think some people would not like to be warned on this (especially for the form if (!returns_int()), because the ! does the cast). What about adding options to the check to disable some forms ?

What about providing a fix for this one :
while (i != 0) {

Is this actually a narrowing conversion as per the CPPCG?
Conversion to bool is a special case, it's not a truncation, but a x != 0.
I'd think cases like these where bool was pretty clearly meant (if(), while(), for(), ???) should be exempt.

No it is not an narrowing conversion the CPPCG are concerned: https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#es46-avoid-lossy-narrowing-truncating-arithmetic-conversions

Short:

ES.46: Avoid lossy (narrowing, truncating) arithmetic conversions

Enforcement

A good analyzer can detect all narrowing conversions. However, flagging all narrowing conversions will lead to a lot of false positives. Suggestions:

    - flag all floating-point to integer conversions (maybe only float->char and double->int. Here be dragons! we need data)
    - flag all long->char (I suspect int->char is very common. Here be dragons! we need data)
    - consider narrowing conversions for function arguments especially suspect

We do have a readability-check that is concerned about int -> bool conversions. Because of that I think we could safely ignore the int->bool conversion.
But float -> bool is still suspicious in my opinion. It has the same semantics, but comparing float on equality is dangerous and one could argue it shall be enforced through point 1 (all float-to-int conversions).

@JonasToth Do you have the name of the readability check so I can document the behavior?

Should be https://clang.llvm.org/extra/clang-tidy/checks/readability-implicit-bool-conversion.html

I am surprised by following modulo 2 arithmetic and think it's a bit misleading. Writing just module arithmetic is probably better, as module 2 somewhat implies there a only 2 valid values (0, 1).

Is this the int -> unsigned int case path? That seems worth diagnosing too.

Nit: Please move these two comment above the if and make s/conversion/Conversion/.

Is this include needed?

Is there a case where you expect the QualType to be invalid? If not, drop the OrNull bit.

Spurious parens.

Spurious parens.

Then T should be passed in as a reference type instead of using this assertion.

Perhaps a better approach is to assert this is true and then unilaterally return.

This seems like debugging code that should be removed.

Please rename the identifier to not conflict with a type name.

Spurious parens.

Debugging code. Assert above and unilaterally return.

Assert the above condition and unconditionally return.

Comment is fine :)

I though that we have check that diagnoses unsigned i = -1; but I don't find it right now (maybe its still in review or so, i belive it was related to introducing std::numeric_limits<>).
As its well defined and not narrowing and not mentionend by the CPPCG in that section its ok, maybe worth an option in the future?

This can be further simplified into:

assert(T.isInteger() && "Unexpected builtin type");
return {llvm::APSInt::getMinValue(Context.getTypeSize(&T), T.isUnsignedInteger()),
         llvm::APSInt::getMaxValue(Context.getTypeSize(&T), T.isUnsignedInteger())};

shortciruit -> short circuit

An Option to warn on these sound like a good idea.
I added TODOs.

I would make this on by default. It is a valid diagnostic and people using this check might be surprised they have to activate it.

s/clang tidy already/clang-tidy check already/ (not sure if clang-tidy-check is correcter from english point of view.)

i think llvm_unreachable would fit better.

Why is the return here true even without diagnostic?

llvm_unreachable

Good catch

This is not a narrowing conversion -- there should be no diagnostic here. See [dcl.init.list]p7.

Missing tests involving literals, which are not narrowing conversions. e.g., float f = 1ULL; should not diagnose.

This is only true on architectures where char is defined to be signed char rather than unsigned char.

This is only narrowing if sizeof(int) < sizeof(long) which is not the case on all architectures.

Whatttt? How does one narrow from an unsigned 32-bit number to a signed 64-bit number?

This may be narrowing on an implementation that defines char to be unsigned.

This may be fine on implementations that define char to be unsigned.

Thx for pointing this out.
I would like to keep the diagnostic (without mentioning the narrowing) because there is no reason to write 2.0 instead of 2.0f. WDYT?

This is handled on l.262

This is taken care of. The test fails when adding -funsigned-char.
The current test is executed with -target x86_64-unknown-linux which should imply -fsigned-char. Anyways, I'll add -fsigned-char to make sure this is obvious.

Yes this is taken care of in the code, the size of the type must be smaller.
It works here because the test runs with -target x86_64-unknown-linux

unsigned long is unsigned 64-bit so it does not fit in signed 64-bit.
https://godbolt.org/z/VnmG0s

Same as previous comments. Would it make sense to create a different test with -funsigned-char to check these behaviors?

ditto

I see no reason to warn on a literal value that isn't changed as a result of the notional narrowing. The standard clearly defines the behavior, so I think that would be needlessly chatty.

Ah, I missed that, thank you!

Ah, thank you! Can you also pass -funsigned-char to test the behavior is as expected?

Please add a test for another target where this is not the case.

unsigned long is not 64-bit on all targets, and that should be tested. https://godbolt.org/z/VQx-Yy

Done. Plus added som tests.

Add some static_asserts for these bit sizes?

I don't think these should diagnose. They're both harmless as the literal values are exactly representable in the destination type.

Yes indeed they are harmless but why not write the correct literal in the first place?
I'm keeping these warnings for now. Let me know if you feel strongly about it.

Yes indeed they are harmless but why not write the correct literal in the first place?

Why force the user to modify their code when the behavior will be exactly the same as before?

I'm keeping these warnings for now. Let me know if you feel strongly about it.

I don't feel very strongly on this case, but it seems needlessly chatty to me to diagnose code that's not incorrect. For instance, this code could exist in a (system) header file that the user doesn't have the ability to correct.

I've added a WarnOnCastingLiterals option to display them.
It's on by default.
Let me know if you have a better name, I'm not super happy with it.
Let me know if you think it should be off by default.

I think the concept here is more broad than the option name suggests -- this is really a "pedantic mode" for this feature, because there is a notional narrowing but no semantic difference. I would name the option PedanticMode and have it off-by-default, personally.

integer -> integers

You should cite where this quotation comes from (e.g., [foo.bar]p2)

Why is this function needed at all?

Why is this function needed at all?

[dcl.init.list]p7.2 instead of a hyperlink.

What variables are created here?

short ciruit -> short-circuit

drop the "so"

do not -> does not
as such -> and so

what is the semantic -> what the semantics are

The two empty functions are placeholders so the cases handled by ImplicitCast and BinaryOp are the same.
I'll add some documentation.

Ditto.

Leftover. I rewrote the comment.

No need for this setting?

No need for any of these settings?

You can drop these lines, I believe, because they match the default values.

No need for these settings?