Bugs detection issue with C language

Hi,

Recently we started to use SQ in our C project. However, it looks like SonarQube has an issue with detecting bugs in the C code.
Therefore I have prepared a simple, dedicated test file which contains bugs defined in the SQ rules (just copy-pasted from the SQ rules for C and made ‘compilable’ in the project).

After analysis, none of them have been detected by SonarScanner.

Information about setup:

  • SQ Developer Edition, Version 7.7.0.23042
  • SonarCFamily plugin 6.3 (build 11371)
  • SonarQube Scanner 3.3.0.1492

We call wrapper in Jenkins like this:
D:\jenkins_slave\workspace\xxxx\build-wrapper-win-x86\build-wrapper-win-x86-64.exe --out-dir D:\jenkins_slave\workspace\xxxx\sq_out make all -j6

And later Scanner:
/var/jenkins_home/tools/hudson.plugins.sonar.SonarRunnerInstallation/SonarQScanner/bin/sonar-scanner -Dsonar.projectKey=xxxx -Dsonar.cfamily.build-wrapper-output=sq_out -Dsonar.sources=APP/xxxx/Source/ASP

INFO: Scanner configuration file: /var/jenkins_home/tools/hudson.plugins.sonar.SonarRunnerInstallation/SonarQScanner/conf/sonar-scanner.properties

As a result we get:
Analysis total time: 9.484 s
INFO: EXECUTION SUCCESS

Note that Code Smells and Duplications are detected in the project.

Are we missing something?

Hi @tomasz_s,

could you please share sq_out/build-wrapper-dump.json file and the sonar-scanner output log?

Hi @mpaladin,
thanks for the reply. Sure, here is build-wrapper-dump.json:
# © SonarSource SA, 2014-2019, info@sonarsource.com
# All SONARSOURCE programs and content are copyright protected.
# SONARSOURCE and SONARQUBE are trademarks of SonarSource SA. All rights are expressly reserved.
#
# This file is designed exclusively for use with the SONARSOURCE C / C++ / Objective-C Plugin.
# It may not be used in connection with any other software.
# Any other use is prohibited by law and may be grounds for immediate termination of your License.
{
"version":0,
"captures":[
]}

That is all in this file. Looks like something is missing.

By sonar-scanner output log you mean output from terminal? I could not find any log. Terminal output attached (please note that some private data has been removed)
sonar-scaner_output.txt (5.9 KB)

Hi @tomasz_s,

build-wrapper-dump.json is empty, it means that build-wrapper didn’t capture your compiler invocation. What compiler are you using?

@mpaladin we are using Green Hills compiler
https://www.ghs.com/products/compiler.html

I know that it is not in the list of supported compilers, however build wrapper does not report any issues.

Could that be the reason?

Hi @tomasz_s,

I confirm that we currently don’t support Green Hills compilers, that explains why the build-wrapper-dump.json file is empty and you don’t get any file analyzed.
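
Added example, not part of the thread and not SonarSource code: a CI gate that fails the job when build-wrapper-dump.json has an empty "captures" list, the situation above in which the scanner reports EXECUTION SUCCESS although no C file was analyzed. It assumes only the file layout posted in this thread ('#' header lines followed by JSON with a "captures" array); the script name and the placeholder capture entry are hypothetical.

```python
import json
import sys
from pathlib import Path

# Constructed samples: EMPTY_DUMP mirrors the file posted in this thread;
# the entry in POPULATED_DUMP is a placeholder, not the real capture schema.
EMPTY_DUMP = '# header comment\n{\n"version":0,\n"captures":[\n]}\n'
POPULATED_DUMP = '# header comment\n{"version":0,"captures":[{"placeholder":1}]}\n'


def count_captures(text):
    """Return the number of entries in "captures", ignoring '#' header lines."""
    body = "\n".join(
        line for line in text.splitlines() if not line.lstrip().startswith("#")
    )
    data = json.loads(body)  # raises ValueError on a truncated or garbled file
    captures = data.get("captures") if isinstance(data, dict) else None
    if not isinstance(captures, list):
        raise ValueError('no "captures" array in build-wrapper dump')
    return len(captures)


def check_dump(text):
    """Return (ok, message) so a CI step can decide whether to run the scanner."""
    try:
        n = count_captures(text)
    except ValueError as exc:
        return False, f"unreadable build-wrapper dump: {exc}"
    if n == 0:
        return False, ("build-wrapper captured 0 compiler invocations; "
                       "no C file will be analyzed (unsupported compiler?)")
    return True, f"build-wrapper captured {n} compiler invocation(s)"


def main(argv):
    # Assumed invocation: python check_dump.py sq_out/build-wrapper-dump.json
    path = Path(argv[1])
    if not path.is_file():
        print(f"{path}: not found", file=sys.stderr)
        return 2
    ok, message = check_dump(path.read_text(encoding="utf-8"))
    print(message, file=sys.stdout if ok else sys.stderr)
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run between the build-wrapper step and sonar-scanner, a non-zero exit stops the pipeline instead of publishing a scan with no bug findings.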

@mpaladin Thank you. This answers my question.

Do you have any plans to provide support for this compiler in the future?

Hi @tomasz_s,

we do have plans to expand our compilers support offering but I cannot provide you with any ETA. Is your code compilable only with Green Hills?

@mpaladin Thank you again for the quick support here.

By default we use GH and it would be perfect to use it with SQ directly (in the current toolchain).
Sure, we can change the compiler; however, this causes some additional effort and extends the CI setup.

Hi @tomasz_s,

thank you for your request and feedback.

Hi @tomasz_s and @c.staffa,

I created a ticket to track Green Hills compilers support CPP-2239, feel free to watch it.

Hi @mpaladin, we’ve run into the same problem with the Green Hills compiler. CPP-2239 hasn’t moved as well. Any ETA on this?

Hi @armishra ,

still no ETA, no promise yet, maybe 2022 is going to be a good year.

Tomasz & Anu Mishra,

you might want to look into CodeSonar by GrammaTech who offers full support for the GHS compiler.
We’ve implemented CS recently for our embedded teams and will be running comparisons to understand if we’ll standardize on (CS) or maintain both (CS & SQ) going forward.