CFamily analyzer crashes on Qt-based C++20 file with GCC 15.2.0

SonarQube Cloud
1

Which versions are you using?

Component Version
CFamily Plugin 6.78.0.96395 (f45b4b7bf346e3cc7cb2aae152d37cdc93361f92)
Compiler GCC 15.2.0
C++ Standard C++20

How is SonarQube deployed?

Running via SonarScanner in Cirrus CI pipeline (not self-hosted — using SonarCloud).

What are you trying to achieve?

Run static analysis with the SonarQube CFamily plugin on my project, a Qt-based C++ pattern making application, compiled with GCC 15.2.0 and C++20.

What happened?

The CFamily analyzer crashes with an IllegalStateException when processing src/libs/vwidgets/vsimplepoint.cpp, aborting the entire scan:

ERROR Error during SonarScanner Engine execution
java.lang.IllegalStateException: 
An error occurred while analyzing the following compilation unit: 
  /tmp/cirrus-ci-build/src/libs/vwidgets/vsimplepoint.cpp
A file named "sonar-cfamily-reproducer.tar.xz" has been generated to help the problem investigation.
Please contact SonarSource support providing the following file to help improving the analyzer:
  /tmp/cirrus-ci-build/sonar-cfamily-reproducer.tar.xz
	at com.sonar.cpp.plugin.CFamilySensor.logReproducerGeneration(CFamilySensor.java:1075)
	at com.sonar.cpp.plugin.CFamilySensor.process(CFamilySensor.java:298)
	at com.sonar.cpp.plugin.CFamilySensor.execute(CFamilySensor.java:217)
	at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:68)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:75)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:51)
	at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart(SpringModuleScanContainer.java:74)
	at org.sonar.scanner.spring.SpringComponentContainer.startComponents(SpringComponentContainer.java:208)
	at org.sonar.scanner.spring.SpringComponentContainer.execute(SpringComponentContainer.java:187)
	at org.sonar.scanner.scan.SpringProjectScanContainer.scan(SpringProjectScanContainer.java:219)
	at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively(SpringProjectScanContainer.java:214)
	at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:182)
	at org.sonar.scanner.spring.SpringComponentContainer.startComponents(SpringComponentContainer.java:208)
	at org.sonar.scanner.spring.SpringComponentContainer.execute(SpringComponentContainer.java:187)
	at org.sonar.scanner.bootstrap.SpringScannerContainer.doAfterStart(SpringScannerContainer.java:476)
	at org.sonar.scanner.spring.SpringComponentContainer.startComponents(SpringComponentContainer.java:208)
	at org.sonar.scanner.spring.SpringComponentContainer.execute(SpringComponentContainer.java:187)
	at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:150)
	at org.sonar.scanner.spring.SpringComponentContainer.startComponents(SpringComponentContainer.java:208)
	at org.sonar.scanner.spring.SpringComponentContainer.execute(SpringComponentContainer.java:187)
	at org.sonar.scanner.bootstrap.ScannerMain.runScannerEngine(ScannerMain.java:143)
	at org.sonar.scanner.bootstrap.ScannerMain.run(ScannerMain.java:58)
	at org.sonar.scanner.bootstrap.ScannerMain.main(ScannerMain.java:42)

sonar-cfamily-reproducer.zip (8.2 MB)

Sonar Community Roundup; Feb 28 - March 6
5

Hello @dismine and welcome back to our community!

I see this warning in the log:

16:20:00.423695496 INFO Compilation database was generated by build-wrapper 6.76
16:20:00.425418546 WARN 
File
  /tmp/cirrus-ci-build/bw-output/compile_commands.json
was generated using build-wrapper version 6.76,
which does not match the analyzer version 6.78.0.96395.

Please download the matching version from the server
  https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip

Could you update the build-wrapper binary you used to generate the compilation database and try again? It may resolve the issue.

If it does not, please share with us the new reproducer.
Thanks

6

Hi, thank you for your help. I tried to update build-wrapper to the newest version. That did not help.

Why I cannot upload sonar-cfamily-reproducer.tar.xz here? I see error: Sorry, the file you are trying to upload is not authorized (authorized extensions: jpg, jpeg, png, gif, txt, json, log, zip, reproducer, tarxz, csv, svg). Or should I just rename tar.xz to tarxz?

sonar-cfamily-reproducer.zip (8.2 MB)

7

Hi,

Yes, please.

 
Ann

2 Likes
10

Hello @dismine,

I found the root cause of the issue, and a fix is on its way. Meanwhile, there are different ways you can work around it:

  • The crash happens in the rule S1117, so deactivating this rule would avoid the crash
  • The crash happens because of the following situation:
    • The class VSimplePoint defines a member function ToolSelectionType with a parameter named type
    • One of its base classes, VAbstractSimple, has a member variable named type
    • Another one, VScenePoint, also has a member function named type
    • The analyzer gets confused with those identical names with different nature. If this shadowing is removed, the crash will disappear. There are several ways to do so, the one with the smallest impact is probably to change the name of the function parameter. However, having both a function and a variable with the same name in the derived class is probably something that is not great either, maybe you could consider renaming at least one of those.

I hope this can help, and thank you for this report!

14

Thanks.

Renaming helped. The issue resolved.