CODEWITHSUNDEEP
cembeddedvxworksstatic-code-analysissemmle-ql
84danie
84danie

Reputation: 95

Static code analyzer not recognizing C int-types are being used

I'm using a static code analyzer on a large embedded systems project at work (C/C++). Currently, all modules have several violations for:

Typedefs that indicate size and signedness should be used in place of the basic types.

However, we have a header file (footypes.h) defined that contains something along the lines of:

#ifdef LINUX_BUILD    
#include <inttypes.h>
#else
#ifdef VXWORKS_BUILD
#include <vxWorks.h>
#endif
#endif

typedef int8_t I8;
typedef uint8_t U8;
//etc

Then, actual code in a module looks like:

#include <foo/footypes.h>

void bar(U8* foo){} //Violation given here
void bar(U8 foo){} //No violation given here

As far as I can tell, this code is correct and portable- is this just a false positive, or is there something wrong with the implementation?

EDIT: I just realized that the violations are actually only given when a pointer is used- I've updated the example module code to reflect this.

Upvotes: 3

Views: 293

Answers (1)

Nick Rolfe
Nick Rolfe

Reputation: 68

I work for Semmle and I can confirm that this is a false positive in our tool - your code looks fine to us.

The particular alert you're seeing is a custom analysis query we provide for your employer and their coding guidelines. As you discovered, that particular query has a bug such that it ignores 'acceptable' typedefs when they're used with pointer types. Thanks for bringing it to our attention - we will fix the query.

Upvotes: 3

Related Questions