In SonarQube 9.3 the error “The result of the right shift is undefined due to shifting by ‘28’, which is greater or equal to the width of type ‘uint32_t’” has a “why is this an issue?” link which points to “Variables should be initialized before use”.
Note: The false-positive complaint is due to a known C2000 issue where SonarQube fails to understand the numeric size of types on the C2000 architecture, and the workaround is to disable all numeric overflow check rules. Our normal approach to disabling the rule is to click on the “why is this an issue?” link which gives us the details to find out which rule to disable. Unfortunately in this case the link appears to be pointing to the wrong issue.
Could you identify which rule would produce the error “The result of the right shift is undefined due to shifting by ‘28’, which is greater or equal to the width of type ‘uint32_t’” so we can disable it in our custom quality profile.
The code producing this false positive is:
uint32_t i2c_speed = config & speed_mask;
switch(static_cast<uint32_t>(i2c_speed>>28))
{
case 1:
//set to i2c "standard" speed
i2c_speed = 100000; //100KHz
break;
case 2:
//set to i2c "medium" speed
i2c_speed = 200000; //200KHz
break;
case 4:
//set to i2c "fast" speed
i2c_speed = 400000; //400KHz
break;
default:
//set to i2c "standard" speed
i2c_speed = 100000; //100KHz
break;
}
The error in question is:
- The result of the right shift is undefined due to shifting by ‘28’, which is greater or equal to the width of type ‘uint32_t’
- Why is this an issue?
- 16 hours ago
- L553
- Bug
- Major
- Open
- 15min effort
- Comment
- based-on-misra, cwe, symbolic-execution
It would be bad if this isn’t an “incorrect link” issue, because we can tolerate disabling numeric overflows to work around the SonarQube issue, but we can’t tolerate disabling “Uninitialized Variable” checks.