I'm using a static code analyzer on a large embedded systems project at work (C/C++). Currently, all modules have several violations for:
Typedefs that indicate size and signedness should be used in place of the basic types.
However, we have a header file (footypes.h) defined that contains something along the lines of:
#ifdef LINUX_BUILD
#include <inttypes.h>
#else
#ifdef VXWORKS_BUILD
#include <vxWorks.h>
#endif
#endif
typedef int8_t I8;
typedef uint8_t U8;
//etc
Then, actual code in a module looks like:
#include <foo/footypes.h>
void bar(U8* foo){} //Violation given here
void bar(U8 foo){} //No violation given here
As far as I can tell, this code is correct and portable- is this just a false positive, or is there something wrong with the implementation?
EDIT: I just realized that the violations are actually only given when a pointer is used- I've updated the example module code to reflect this.
I work for Semmle and I can confirm that this is a false positive in our tool - your code looks fine to us.
The particular alert you're seeing is a custom analysis query we provide for your employer and their coding guidelines. As you discovered, that particular query has a bug such that it ignores 'acceptable' typedefs when they're used with pointer types. Thanks for bringing it to our attention - we will fix the query.