y2038: eliminate false positives with automatic build system detection

[Hiesx]

The Y2038 addon currently generates false positive warnings when scanning
codebases that are properly configured for Y2038 safety through build
system flags, making it impractical for comprehensive codebase analysis.

This prevents teams from running Y2038 checks across entire projects in
CI/CD pipelines due to noise from correctly configured code.

Add automatic build system detection to discover Y2038-related compiler
flags (_TIME_BITS=64, _FILE_OFFSET_BITS=64, _USE_TIME_BITS64) from:

• Makefile variants (Makefile, makefile, GNUmakefile, *.mk)
• CMake files (CMakeLists.txt, *.cmake)
• Meson build files (meson.build)
• Autotools scripts (configure, configure.ac, configure.in)
• Compiler flags passed via cppcheck -D options

When proper Y2038 configuration is detected (both _TIME_BITS=64 AND
_FILE_OFFSET_BITS=64), suppress Y2038 warnings and display an
informational message indicating the configuration source.

Implement hierarchical directory search up to 5 levels from source files
to locate relevant build files, with flag precedence: build system >
compiler flags > source code #define directives.

Add performance optimizations:

• Intelligent file caching with TTL-based invalidation
• UTF-8 BOM handling for cross-platform compatibility
• Robust import fallback system

Extend test suite with comprehensive coverage:

• Compiler flag parsing edge cases (18 test scenarios)
• Build system detection for all supported formats
• Caching behavior and performance validation
• Cross-platform file encoding handling

This enables organizations to run comprehensive Y2038 analysis on entire
codebases without false positives from properly configured projects,
while maintaining detection of actual Y2038 safety issues.

[firewave]

Thanks for you contribution.

Please add buildsystem.py to addons/README.md and win_installer/cppcheck.wxs (all other packaging related stuff should use wildcards).

Also please add yourself to AUTHORS so you get credited.

[Hiesx]

Added the buildsystem.py to addons/README.md and win_installer/cppcheck.wxs. In addition to this i also fixed the pylint errors!

[danmar]

I haven't really looked at the python code yet. Spontanously I feel this is very interesting and will make the y2038 more useful!

It's unfortunate that the doc/y2038.txt is a text document. It would probably make sense to switch to markdown. And I'm not sure why we don't have the info in the manual instead.
https://github.com/danmar/cppcheck/blob/main/man/manual.md#y2038py
I don't understand why the manual points at https://github.com/3adev/y2038
do you think that makes sense?

[Hiesx]

I also moved from the y2038.txt documentation file to a markdown one. Also the y2038.md file is now linked in the main manual and the reference to the 3adev/y2038 is now removed, since the current y2038 check is too different to reference it, imo.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[danmar]

I think it's great that you fix the y2038 addon!

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[danmar]

@Hiesx thanks! finally I merged this.

[firewave]

The TODO should have indicated that this function should not have been extended. Having this function is actually a current blocker of doing some improvement in the internal usage of this class.

I also do not understand why so many explicit things had to be added here. As they are defines that should just be used as such and not have dedicated fields. This seems the wrong approach.

That would also mean this will only work when using projects?