[MERGE #5384 @sethbrenith] fix a warning about buffer bounds

sethbrenith · sethbrenith · commit 0cbed34904ed · 2018-07-10T09:43:17.000-07:00
Merge pull request #5384 from sethbrenith:user/sethb/prefast Tell the static analysis tool that UInt32Math::Add adds and guarantees no overflow. Fixes OS:18017387
diff --git a/lib/Common/Common/UInt32Math.h b/lib/Common/Common/UInt32Math.h
@@ -111,9 +111,13 @@ class UInt32Math
         return AddMul<add,mul>(left, ::Math::DefaultOverflowPolicy);
     }
 
+    _When_(lhs + rhs < lhs, _Analysis_noreturn_)
+    _Post_satisfies_(return == lhs + rhs)
     static uint32 Add(uint32 lhs, uint32 rhs)
     {
-        return Add( lhs, rhs, ::Math::DefaultOverflowPolicy );
+        uint32 result = Add( lhs, rhs, ::Math::DefaultOverflowPolicy );
+        _Analysis_assume_(result == lhs + rhs);
+        return result;
     }
 
     static uint32 Mul(uint32 lhs, uint32 rhs)

Original file line number	Diff line number	Diff line change
`@@ -111,9 +111,13 @@ class UInt32Math`
`111`	`111`	`return AddMul<add,mul>(left, ::Math::DefaultOverflowPolicy);`
`112`	`112`	`}`
`113`	`113`
	`114`	`+ _When_(lhs + rhs < lhs, _Analysis_noreturn_)`
	`115`	`+ _Post_satisfies_(return == lhs + rhs)`
`114`	`116`	`static uint32 Add(uint32 lhs, uint32 rhs)`
`115`	`117`	`{`
`116`		`- return Add( lhs, rhs, ::Math::DefaultOverflowPolicy );`
	`118`	`+ uint32 result = Add( lhs, rhs, ::Math::DefaultOverflowPolicy );`
	`119`	`+ _Analysis_assume_(result == lhs + rhs);`
	`120`	`+ return result;`
`117`	`121`	`}`
`118`	`122`
`119`	`123`	`static uint32 Mul(uint32 lhs, uint32 rhs)`