C/C++ Analysis and Unity Builds

I’ve run into a bit of a strange situation with analyzing a C++ project. This project is built using Unreal Engine and by default the engine uses something known as a “Unity Build” to build its modules. That is to say, the engine generates a new source file that in includes all other source files in it and compiles it as one giant translation unit. I’ve been able to turn it off, but I was wondering is there any support for these types of builds within the cfamily scanner?

1 Like

Hello @fcorso2016,

Unity builds can be made to work, but the results are limited.

Setting them up would be annoying: For instance, you would need to make sure the unity source files are indexed, but you are probably not interested in having them show in SonarCloud. You need to take into account that there is some logic inside the scanner that ignores files marked to be ignored by your SCM (i.e., .gitignore, which usually lists the build directory, where the unity files could be).

However, the major limitation is that some rules, generally the most interesting such as buffer overflows, will not be applied. This is because these rules are costly, and they run only over the set of functions defined on the source file being compiled (functions coming from included files can be analyzed if they are used and their definition is available). A unity file only includes files, which will be treated as headers, so these rules will not run.

So, in summary, the support is limited and you will get only partial results.

I hope this helps.