cppcheck-opensource
diff --git a/‎AUTHORS‎
Lines changed: 1 addition & 0 deletions b/‎AUTHORS‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎addons/README.md‎
Lines changed: 2 additions & 0 deletions b/‎addons/README.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎addons/doc/y2038.md‎
Lines changed: 306 additions & 0 deletions b/‎addons/doc/y2038.md‎
Lines changed: 306 additions & 0 deletions
@@ -238,6 +238,7 @@ Ludvig Gunne Lindström
 Luis Díaz Más
 Luís Pereira
 Lukas Grützmacher
+Lukas Hiesmayr
 Lukasz Czajczyk
 Łukasz Jankowski
 Luxon Jean-Pierre
 
@@ -16,6 +16,8 @@ Addons are scripts that analyses Cppcheck dump files to check compatibility with
   Enforces naming conventions across the code. Enhanced version with support for type prefixes in variable and function names.
 + [findcasts.py](https://github.com/danmar/cppcheck/blob/main/addons/findcasts.py)
   Locates casts in the code.
++ [y2038_buildsystem.py](https://github.com/danmar/cppcheck/blob/main/addons/y2038_buildsystem.py)
+  Detects and parses build system files to extract compiler flags for Y2038 analysis. Supports multiple build systems including Make, CMake, Meson, Autotools, and Bazel.
 + [misc.py](https://github.com/danmar/cppcheck/blob/main/addons/misc.py)
   Performs miscellaneous checks.
 
 
@@ -0,0 +1,306 @@
+# README of the Y2038 cppcheck addon
+
+## Contents
+
+- [What is Y2038?](#what-is-y2038)
+- [What is the Y2038 cppcheck addon?](#what-is-the-y2038-cppcheck-addon)
+- [How does the Y2038 cppcheck addon work?](#how-does-the-y2038-cppcheck-addon-work)
+- [How to use the Y2038 cppcheck addon](#how-to-use-the-y2038-cppcheck-addon)
+
+---
+
+## What is Y2038?
+
+In a few words:
+
+In Linux, the current date and time is kept as the number of seconds elapsed
+since the Unix epoch, that is, since January 1st, 1970 at 00:00:00 GMT.
+
+Most of the time, this representation is stored as a 32-bit signed quantity.
+
+On January 19th, 2038 at 03:14:07 GMT, such 32-bit representations will reach
+their maximum positive value.
+
+What happens then is unpredictable: system time might roll back to December
+13th, 1901 at 19:55:13, or it might keep running on until February 7th, 2106
+at 06:28:15 GMT, or the computer may freeze, or just about anything you can
+think of, plus a few ones you can't.
+
+The workaround for this is to switch to a 64-bit signed representation of time
+as seconds from the Unix epoch. This representation will work for more than 250
+billion years.
+
+Working around Y2038 requires fixing the Linux kernel, the C libraries, and
+any user code around which uses 32-bit epoch representations.
+
+There is Y2038-proofing work in progress on the Linux and GNU glibc front.
+
+## What is the Y2038 cppcheck addon?
+
+The Y2038 cppcheck addon is a tool to help detect code which might need fixing
+because it is Y2038-unsafe. This may be because it uses types or functions from
+GNU libc or from the Linux kernel which are known not to be Y2038-proof.
+
+## How does the Y2038 cppcheck addon work?
+
+The Y2038 cppcheck addon takes XML dumps produced by `cppcheck` from source code
+files and looks for the names of types or functions which are known to be Y2038-
+unsafe, and emits diagnostics whenever it finds one.
+
+Of course, this is of little use if your code uses a Y2038-proof glibc and
+correctly configured Y2038-proof time support.
+
+This is why `y2038.py` takes into account preprocessor directives like
+`_TIME_BITS`, `__USE_TIME_BITS64`, and `_FILE_OFFSET_BITS`.
+
+The addon now features comprehensive build system detection and compiler flag
+checking that eliminates false positives when projects are properly configured 
+for Y2038 safety. This enables analysis of entire codebases without being 
+overwhelmed by warnings from correctly configured code.
+
+### Key improvements in this version:
+
+* **Eliminate false positives**: Automatically suppress Y2038 warnings when proper
+  configuration is detected (both `_TIME_BITS=64` AND `_FILE_OFFSET_BITS=64`)
+  
+* **Comprehensive codebase analysis**: Run Y2038 checks across entire projects 
+  without manual flag specification - the addon discovers build configurations
+  automatically
+  
+* **Multi-build-system support**: Detects Y2038 flags from Makefile, CMake, 
+  Meson, Autotools, and other build systems with hierarchical directory search
+  
+* **Smart warning suppression**: When proper Y2038 configuration is found, 
+  displays informational messages instead of false warnings
+  
+* **Enterprise-ready**: Suitable for CI/CD pipelines and large-scale code analysis
+
+### Build System Detection:
+The addon automatically searches for and parses the following build files:
+- Makefiles (`Makefile`, `makefile`, `GNUmakefile`, `*.mk`)
+- CMake files (`CMakeLists.txt`, `*.cmake`)
+- Configure scripts (`configure`, `configure.ac`, `configure.in`)
+- Meson build files (`meson.build`)
+- Other build systems (`BUILD`, `BUILD.bazel`, etc.)
+
+The addon searches up to 5 directory levels from the source file location to
+find relevant build files and extracts Y2038-related compiler definitions.
+
+### Warning Suppression:
+When proper Y2038 configuration is detected (both `_TIME_BITS=64` AND
+`_FILE_OFFSET_BITS=64` defined), Y2038 warnings are automatically suppressed
+with an informational message indicating the source of the configuration.
+
+### Priority order for Y2038 flag detection (highest to lowest):
+1. Build system files (`Makefile`, `CMakeLists.txt`, etc.)
+2. Compiler flags (`-D` options passed to `cppcheck`)
+3. Source code `#define` directives
+
+`_TIME_BITS` is defined equal to 64 by user code when it wants 64-bit time
+support from the GNU glibc. Code which does not define `_TIME_BITS` equal to 64
+(or defines it to something else than 64) runs a risk of not being Y2038-proof.
+
+`__USE_TIME_BITS64` is defined by the GNU glibc when it actually provides 64-bit
+time support. When this is defined, then all glibc symbols, barring bugs, are
+Y2038-proof (but your code might have its own Y2038 bugs, if it handles signed
+32-bit Unix epoch values).
+
+The Y2038 cppcheck performs the following checks:
+
+  1. Upon meeting a definition for `_TIME_BITS`, if that definition does not
+     set it equal to 64, this error diagnostic is emitted:
+
+     ```
+     Error: _TIME_BITS must be defined equal to 64
+     ```
+
+     This case is very unlikely but might result from a typo, so pointing
+     it out is quite useful. Note that definitions of `_TIME_BITS` as an
+     expression evaluating to 64 will be flagged too.
+
+  2. Upon meeting a definition for `_USE_TIME_BITS64`, if `_TIME_BITS` is not
+     defined equal to 64, this information diagnostic is emitted:
+
+     ```
+     Warning: _USE_TIME_BITS64 is defined but _TIME_BITS was not
+     ```
+
+     This reflects the fact that even though the glibc checked default to
+     64-bit time support, this was not requested by the user code, and
+     therefore the user code might fail Y2038 if built against a glibc
+     which defaults to 32-bit time support.
+
+  3. Upon meeting a symbol (type or function) which is known to be Y2038-
+     unsafe, if proper Y2038 configuration is not detected, this warning
+     diagnostic is emitted:
+
+     ```
+     Warning: <symbol> is Y2038-unsafe
+     ```
+
+     This reflects the fact that the user code is referring to a symbol
+     which, when glibc defaults to 32-bit time support, might fail Y2038.
+     
+     However, if proper Y2038 configuration is detected (both `_TIME_BITS=64`
+     AND `_FILE_OFFSET_BITS=64`), these warnings are suppressed and an
+     informational message is displayed instead.
+
+General note: `y2038.py` will handle multiple configurations, and will
+emit diagnostics for each configuration in turn.
+
+## How to use the Y2038 cppcheck addon
+
+### **Comprehensive Codebase Analysis**
+
+The enhanced Y2038 addon is designed for analyzing entire codebases efficiently:
+
+```sh
+# Analyze all C files in a project - addon will detect build system configs automatically
+cppcheck --addon=y2038 .
+
+# For projects with proper Y2038 configuration, you'll see suppression messages instead of false warnings:
+# Y2038 warnings suppressed: Found proper Y2038 configuration in build system (_TIME_BITS=64 and _FILE_OFFSET_BITS=64)
+```
+
+### **CI/CD Integration**
+
+This addon is now suitable for continuous integration workflows:
+
+```sh
+# Example CI script
+#!/bin/bash
+find . -name "*.c" -exec cppcheck --dump {} \;
+python3 addons/y2038.py $(find . -name "*.dump")
+
+# Returns non-zero exit code only for actual Y2038 issues,
+# not for properly configured projects
+```
+
+### **Basic Usage**
+
+The Y2038 cppcheck addon is used like any other cppcheck addon:
+
+```sh
+cppcheck --dump file1.c [ file2.c [...]]
+y2038.py file1.c.dump [ file2.c.dump [...]]
+```
+
+To use compiler flags for Y2038 checking:
+
+```sh
+cppcheck --dump -D_TIME_BITS=64 -D_USE_TIME_BITS64 file1.c
+y2038.py file1.c.dump
+```
+
+For automatic build system detection (recommended):
+
+```sh
+cppcheck --dump file1.c  # No flags needed - addon detects from build files
+y2038.py file1.c.dump
+```
+
+The addon will automatically:
+1. Search for build system files (`Makefile`, `CMakeLists.txt`, etc.)
+2. Extract Y2038-related compiler definitions
+3. Validate `_TIME_BITS` and `_USE_TIME_BITS64` configurations
+4. Report any Y2038-unsafe configurations found in build files
+
+Example build system configurations that will be detected:
+
+Makefile:
+```makefile
+CPPFLAGS = -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64
+```
+
+CMakeLists.txt:
+```cmake
+add_definitions(-D_TIME_BITS=64)
+add_definitions(-D_FILE_OFFSET_BITS=64)
+```
+
+meson.build:
+```meson
+add_global_arguments('-D_TIME_BITS=64', language : 'c')
+add_project_arguments('-D_FILE_OFFSET_BITS=64', language : 'c')
+```
+
+When both `_TIME_BITS=64` and `_FILE_OFFSET_BITS=64` are found, Y2038 warnings
+will be suppressed with a message like:
+```
+Y2038 warnings suppressed: Found proper Y2038 configuration in build system (_TIME_BITS=64 and _FILE_OFFSET_BITS=64)
+Suppressed X Y2038-unsafe function warning(s)
+```
+
+Sample test C files are provided:
+
+- `test/y2038-test-1-bad-time-bits.c`          # Source code with wrong `_TIME_BITS`
+- `test/y2038-test-2-no-time-bits.c`           # Source code missing `_TIME_BITS`
+- `test/y2038-test-3-no-use-time-bits.c`       # Missing `_USE_TIME_BITS64`
+- `test/y2038-test-4-good.c`                   # Proper Y2038 setup in source
+- `test/y2038-test-5-good-no-time-used.c`      # No time functions used
+- `test/y2038-test-compiler-flags.c`           # Shared test file for compiler flag scenarios:
+                                               #   - Proper Y2038 config (`-D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 -D_USE_TIME_BITS64`)
+                                               #   - Wrong `_TIME_BITS` value (`-D_TIME_BITS=32`)
+                                               #   - Incomplete config (`-D_USE_TIME_BITS64` only)
+
+These cover the cases described above. You can run them through cppcheck
+and y2038.py to see for yourself how the addon diagnostics look like. If
+this README is not outdated (and if it is, feel free to submit a patch),
+you can run `cppcheck` on these files as on any others:
+
+```sh
+cppcheck --dump addons/test/y2038/y2038-*.c
+python3 addons/y2038.py addons/test/y2038/y2038-*.dump
+```
+
+For testing compiler flag functionality (using the shared test file):
+
+```sh
+# Test proper Y2038 configuration
+cppcheck --dump -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 -D_USE_TIME_BITS64 addons/test/y2038/y2038-test-compiler-flags.c
+python3 addons/y2038.py addons/test/y2038/y2038-test-compiler-flags.c.dump
+
+# Test wrong _TIME_BITS value
+cppcheck --dump -D_TIME_BITS=32 addons/test/y2038/y2038-test-compiler-flags.c
+python3 addons/y2038.py addons/test/y2038/y2038-test-compiler-flags.c.dump
+
+# Test incomplete configuration (should produce warnings)
+cppcheck --dump -D_USE_TIME_BITS64 addons/test/y2038/y2038-test-compiler-flags.c
+python3 addons/y2038.py addons/test/y2038/y2038-test-compiler-flags.c.dump
+```
+
+If you have not installed cppcheck yet, you will have to run these
+commands from the root of the cppcheck repository:
+
+```sh
+make
+sudo make install
+./cppcheck --dump addons/test/y2038/y2038-*.c
+PYTHONPATH=addons python3 addons/y2038.py addons/test/y2038/y2038-*.c.dump
+```
+
+In both cases, `y2038.py` execution should result in the following:
+
+```
+Checking addons/y2038/test/y2038-test-1-bad-time-bits.c.dump...
+Checking addons/y2038/test/y2038-test-1-bad-time-bits.c.dump, config ""...
+Checking addons/y2038/test/y2038-test-2-no-time-bits.c.dump...
+Checking addons/y2038/test/y2038-test-2-no-time-bits.c.dump, config ""...
+Checking addons/y2038/test/y2038-test-3-no-use-time-bits.c.dump...
+Checking addons/y2038/test/y2038-test-3-no-use-time-bits.c.dump, config ""...
+Checking addons/y2038/test/y2038-test-4-good.c.dump...
+Checking addons/y2038/test/y2038-test-4-good.c.dump, config ""...
+# Configuration "":
+# Configuration "":
+[addons/y2038/test/y2038-test-1-bad-time-bits.c:8]: (error) _TIME_BITS must be defined equal to 64
+[addons/y2038/test/y2038-inc.h:9]: (warning) _USE_TIME_BITS64 is defined but _TIME_BITS was not
+[addons/y2038/test/y2038-test-1-bad-time-bits.c:10]: (information) addons/y2038/test/y2038-inc.h was included from here
+[addons/y2038/test/y2038-inc.h:9]: (warning) _USE_TIME_BITS64 is defined but _TIME_BITS was not
+[addons/y2038/test/y2038-test-2-no-time-bits.c:8]: (information) addons/y2038/test/y2038-inc.h was included from here
+[addons/y2038/test/y2038-test-3-no-use-time-bits.c:13]: (warning) timespec is Y2038-unsafe
+[addons/y2038/test/y2038-test-3-no-use-time-bits.c:15]: (warning) clock_gettime is Y2038-unsafe
+```
+
+Note: `y2038.py` recognizes option `--template` as `cppcheck` does, including
+pre-defined templates 'gcc', 'vs' and 'edit'. The short form `-t` is also
+recognized.