Test code liking this

auto exp_a = __bt( variable_a, (uint32_t)0x6 ).simplify(true);
auto exp_b = __bt( variable_a, (uint8_t)0x6 ).simplify(true);

the hash of exp_a and exp_b is different,
but as a bittest, (uint32_t)0x6 and (uint8_t)0x6 should be same.

this will cause vm_jcc expression extract wrong destinations if a jcc expression contains both exp_a and exp_b. (when calcing destination of vm_jcc, using hash for compare expression, but hash is different)

Did you send a pull request for this?

still testing, it sames some thing broken after changing in this way.