addons/doc/y2038.md
In a few words:
Most operating systems and programming environments represent the current time as the number of seconds since the Unix epoch. In C and C++ this is exposed by time() and std::time(), with the Unix epoch defined as 00:00:00 UTC on 1 January 1970.
Typically this representation is stored as a 64-bit signed quantity. Some systems, mainly embedded systems and older systems, still use a 32-bit signed time_t representation.
On January 19th, 2038 at 03:14:07 GMT, such 32-bit representations will reach their maximum positive value.
What happens then is unpredictable: system time might roll back to December 13th, 1901 at 19:55:13, or it might keep running on until February 7th, 2106 at 06:28:15 GMT, or the computer may freeze, or just about anything you can think of, plus a few ones you can't.
The workaround for this is to switch to a 64-bit signed representation of time as seconds from the Unix epoch. This representation will work for more than 250 billion years.
Working around Y2038 requires fixing the Linux kernel, the C libraries, and any user code around which uses 32-bit epoch representations.
There is Y2038-proofing work in progress on the Linux and GNU glibc front.
The Y2038 cppcheck addon is a tool to help detect code which might need fixing because it is Y2038-unsafe. This may be because it uses types or functions from GNU libc or from the Linux kernel which are known not to be Y2038-proof.
The Y2038 addon is a comprehensive tool designed to audit your project for Y2038 compliance. It provides a streamlined, intelligent approach to Y2038 analysis.
The Y2038 addon integrates seamlessly with cppcheck's core project parsing infrastructure. For optimal analysis, use the addon with project files:
cppcheck --project=build/compile_commands.json --addon=y2038
For single files, you can also use:
cppcheck --addon=y2038 source_file.c
The addon leverages cppcheck's built-in project parsing capabilities:
-D_TIME_BITS=64, -D_FILE_OFFSET_BITS=64, -D_USE_TIME_BITS64) from compilation commands#define statements#define statementsThis architecture ensures optimal performance and maintains clean separation of concerns between cppcheck core (project parsing) and addon (analysis logic).
The output is the standard Cppcheck analysis report, focused on Y2038-related issues.
The Y2038 addon works with any cppcheck installation and requires no additional dependencies beyond cppcheck itself.
For optimal Y2038 analysis, ensure your project uses a supported build system that generates compile_commands.json:
-DCMAKE_EXPORT_COMPILE_COMMANDS=ONbear to generate compile commandsninja -t compdb to generate compile commandsbazel aquery with appropriate flagsIf using bear for Make-based projects, install it via your package manager:
# On Debian/Ubuntu
sudo apt-get install bear
# On Fedora
sudo dnf install bear
# On macOS (using Homebrew)
brew install bear
The Y2038 addon seamlessly integrates with your existing cppcheck workflow.
For projects with compile_commands.json (recommended):
cppcheck --project=build/compile_commands.json --addon=y2038
For single file analysis:
cppcheck --addon=y2038 source_file.c
For project-wide analysis without compile_commands.json:
cppcheck --addon=y2038 src/
The integration automatically:
For CI/CD integration, use the Y2038 addon with your project's build configuration:
# Example CI script with compile_commands.json
#!/bin/bash
# Generate compile_commands.json (if not already available)
cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -B build
# or: bear -- make
# Run Y2038 analysis
cppcheck --project=build/compile_commands.json --addon=y2038 --error-exitcode=1
# The addon will return a non-zero exit code if Y2038 issues are found.
# The output is the standard Cppcheck report.
For projects without compile_commands.json:
# Example CI script for source-only analysis
#!/bin/bash
cppcheck --addon=y2038 --error-exitcode=1 src/