I’m using SonarQube 9.3 to scan a TI C2000 project, and it’s getting false positives for numeric overflow which suggests SonarQube is not handling the C2000 data-type sizes correctly.
“implicit conversion from ‘unsigned long’ to ‘const unsigned int’ changes value from 1000 to 232” from the following code-snippet:
/// @brief Periodic time to send ACK static const unsigned periodic_activity_ms = 1000U;
“implicit conversion from ‘long long’ to ‘const uint32_t’ (aka ‘const unsigned long’) changes value from 1289999999 to 54911” from the following code-snippet:
static const uint32_t encoder_mid_range = 1289999999;
The numbers (1000 → 232) and (1289999999 → 54911) indicate SonarQube is convinced that an int is 8-bits, and a long is 16-bits.
This may be caused by SonarQube failing to recognize an architectural oddity of the C2000 processors best described in section “6.4 - Data Types” of the C2000 compiler manual https://www.ti.com/lit/ug/spru514r/spru514r.pdf:
NOTE: TMS320C28x Byte is 16 Bits
By ANSI/ISO C definition, the sizeof operator yields the number of bytes required to store an
object. ANSI/ISO further stipulates that when sizeof is applied to char, the result is 1. Since
the TMS320C28x char is 16 bits (to make it separately addressable), a byte is also 16 bits.
This yields results you may not expect; for example, size of (int) = = 1 (not 2). TMS320C28x
bytes and words are equivalent (16 bits).
SonarQube may be assuming 8-bits per “sizeof”. In other words it may think that sizeof(char) == 1 means that a char is 8-bits.
The build-wrapper-dump.json file is capturing the TI C2000 compiler:
“compiler”:“texas”,
“executable”:“C:\ti\ccs1040\ccs\tools\compiler\ti-cgt-c2000_20.12.0.STS\bin\cl2000.exe”,
“cmd”: [
“C:/ti/ccs1040/ccs/tools/compiler/ti-cgt-c2000_20.12.0.STS/bin/cl2000”,
“-v28”,
“-ml”,
“-mt”,
“–cla_support=cla1”,
“–float_support=fpu32”,
“–tmu_support=tmu0”,
“–vcu_support=vcu2”,
This isn’t the first time this issue has been reported - see Rule S3949 "Integral operations should not overflow" false positives - #3 by Amelie for someone else reporting similar issues on the C2000 processor.