C++ developers now benefit from more efficient analysis and deeper Core Guidelines coverage

Hello C++ developers,

We’re proud to announce the following improvements to the C++ analyzer:

  • faster analysis thanks to incremental mode
  • broader coverage of the C++ Core Guidelines
  • improved diagnostic reproduction for failed scans thanks to its automatic reproducer creation

Incremental Analysis

In order to speed up analysis and avoid repeatedly scanning the same unchanged code, it is now possible to enable a cache mechanism that will reuse previous analysis data over subsequent scans and only analyze changed files. This can be enabled by providing two properties to your scan:


Please see the “Analysis cache” section in the embedded documentation for additional details.

C++ Core Guidelines

Following the first batch of C++ Core Guidelines rules released with v6.5, we continued our efforts and added 9 additional rules to this latest release.

Bug Detection:

S5404: A call to “wait()” on a “std::condition_variable” should have a condition (Bug)
S5570: Arguments evaluation order should not be relied on (Bug)
S5658: Relational and subtraction operators should not be used with pointers to different arrays (Bug)
S5491: Enums should be consistent with the bit fields they initialize (Bug)
S5501: “#pragma pack” should be used correctly (Bug)

Code Smell Detection:

S5507: Pointers or references obtained from aliased smart pointers should not be used as function parameters (Code Smell)
S5425: “Forwarding references” parameters should be used only to forward parameters (Code Smell)
S5494: Size of bit fields should not exceed the size of their types (Code Smell)
S5500: Functions having rvalue reference arguments should “std::move” those arguments (Code Smell)

Automatic Reproducer Creation

If a file fails to scan properly, it is possible to generate a reproducer file (through the property sonar.cfamily.reproducer) so that our support team can easily reproduce the problem and inform the development team if a fix is required. This is very convenient and removes the need to create a pseudo project that exhibits the failure behavior. With the auto reproducer creation process, a zip file is generated with the guilty file and required dependencies.

In order to speed up the round-trip between users and our engineering team, this reproducer is now automatically generated in case of failure to scan a file. Everyone saves time and unnecessary exchanges just getting the zip generated and shared.

Here is an example of a warning message generated in such a context:

An error occurred while analyzing a compilation unit, "sonar-cfamily.reproducer" file has been automatically generated to help the problem investigation.
Please contact SonarSource support providing "sonar-cfamily.reproducer" file to help improve the analyzer.

For more information, see the changelog.

You can already enjoy these new features on SonarCloud. For SonarQube users, these new features will be built into the next version (8.2). In the meantime, you can get them now by upgrading to v6.6 of the C/C++/Objective-C analysis engine.



I am wondering why the C++ language is not included in the community edition?
