False positive on misra-c2012-16.3

[Emiel Estiévenart]

Hi,

I'm using Cppcheck as a faster alternative to Polyspace at work for misra compliancy.
So far I'm loving every bit of it and we are planning to use Cppcheck on a daily basis instead of Polyspace.

Littered across our code we have these defines:

PRAGMA_SECTION(ghs section data = default, ghs section bss = default, ghs section rodata = default, ghs section text = default)

On windows these defines expand to nothing.

#define PRAGMA_SECTION(x,y,z,w)

When compiling to the target, they are used.
I already tried running cppcheck with -DPRAGMA_SECTION, but it doesn't help.

This is the warning I get each time:
core_main.c(35,35): warning GD56056E1: c2012-16.3 MISRA: ... [misra-c2012-16.3]

Undoubtably because of the usage of the keyword default. I admit this false positive can be attributed to choosing bad names on our end, but there's not much I can do to change it.

Can this be solved please?

Regards,
Emiel

[Daniel Marjamäki]

Can you try to run Cppcheck with this:
-DPRAGMA_SECTION(x,y,z,w)=
or
"-DPRAGMA_SECTION(x,y,z,w)="
The quotes may or may not be needed I am not sure.

[Daniel Marjamäki]

I wonder if you could provide a Cppcheck review that would be helpful for us:
https://sourceforge.net/p/cppcheck/news/2023/04/gartner-peer-insights-reviews/

[Emiel Estiévenart]

Hi,

I tried setting the define in both ways, but to no avail.
Any other things I could try?

Sure, I can write a review :)

[Emiel Estiévenart]

OK, I figured out that -D doesn't work when taking in a vcxproj.

Can this be added please?

Reason is defines like this:

#if ((SCHAR_MIN + 1) != -SCHAR_MAX)
#error "This code must be compiled using a 2's complement representation for signed integer values"
#endif

These defines are defined in <limits.h>, but this file isn't found by Cppcheck.
Adding the include folder isn't very portable and doesn't work.
It adds a lot more defines that are unknown and Cppcheck doesn't get through it. </limits.h>

I would have to add the defines to the project, but then I get double defines.

The only workaround for me is to create another CMake target with these defines that isn't intended to be compiled. Which isn't a very nice solution I think.

Thanks for the support.

Regards,
Emiel

[Emiel Estiévenart]

I could try adding a cppcheck configuration wich then has the appropriate defines.

[Emiel Estiévenart]

I would like to report an issue with this.

I have this code:

#ifndef MY_DEF
PRAGMA_SECTION(ghs section data = default, ghs section bss = default, ghs section rodata = default, ghs section text = default)
#endif //MY_DEF

#ifndef MY_DEF
#error "This code must be compiled using a 2's complement representation for signed integer values"
#define NULL 0
#endif //MY_DEF

static int my_function()
{
#ifndef MY_DEF
    #define NULL                            0

    uint8_t i = 0;
    if (i)
    {
        int x = 10 / i;
        x = x;
    }

 #endif //MY_DEF
    return 0;
}

Cppcheck analyzes the file with the define MY_DEF unset.
2>Checking D:\Development\xxx\src\frrt.c Cppcheck|Win32...
2>Checking D:\Development\xxx\src\frrt.c: _WIN32=1;WIN32=1;_WINDOWS=1;PUBLIC=1;NULL=NULL;_WIN32=1;MY_DEF=1;SCHAR_MIN=-128;SCHAR_MAX=127;CMAKE_INTDIR="Cppcheck";SSE2=1;_MSC_VER=1900...

The preprocessor knows MY_DEF is set because the analysis completes and error is not seen.
However, the pragma_section throws this warning:
frrt.c(81,35): warning GD56056E1: ... [misra-c2012-16.3]

The define for null also throws this error:
frrt.c(92): warning G67AF6DEB: ... [misra-c2012-21.1]

Even though these parts should be excluded because of the preprocessor defines.

The if statement on a non boolean condition doesn't throw an error here. If I undef MY_DEF it does raise [misra-c2012-14.4]. This behaviour here is what's expected and is inconsistent with the previous results.

I would like to correct my previous post in which I claimed the -D is not working when using a vcxproj. It does work.

I think this behaviour is a bug.

Thanks!

Regards,
Emiel