Dear community,
we have a little research project on a TMS320F28379D microcontroller. The code is written in C99 - compliant C with some GCC-style extensions (__attribute__((always_inline))
, __attribute__((ramfunc))
and so forth) and intrinsic functions like __nop()
. I would like to analyze the code with the following SonarQube setup:
- SonarQube 7.4 Developer Edition
- SonarCFamily 5.1.1
- SonarQube Scanner 3.2.0.1227
- build-wrapper 5.1
The compiler is not officially supported by the SonarCFamily plugin, so it comes as no surprise that analysis results are unsatisfying. The CFamily Sensor says
INFO: Sensor CFamily [cpp]
INFO: Available processors: 8
INFO: Using 1 thread for analysis according to value of “sonar.cfamily.threads” property.
WARN: Metric ‘comment_lines_data’ is deprecated. Provided value is ignored.
INFO: Using build-wrapper output: /home/sneuser/repositories/F172_20_FW/bw_output/build-wrapper-dump.json
INFO: 0 compilation units analyzed
INFO: PCH: 0 + 0 + 0 , 0 - 0 - 0 - 0
INFO: FS: 0 lookups
INFO: PPH: 0 files, 0 bytes, 0 hits, 0 queries
INFO: Sensor CFamily [cpp] (done) | time=1242ms
and the only thing recognized are code duplications.
I tried to bypass the build-wrapper and manually predefine macros and intrinsics and actually got results:
INFO: Sensor CFamily [cpp]
INFO: Available processors: 8
INFO: Using 1 thread for analysis according to value of “sonar.cfamily.threads” property.
WARN: “sonar.cfamily.build-wrapper-output.bypass=true” property is deprecated and will be removed soon.
WARN: build-wrapper is not used to analyse this project. This may result in false-positives and false-negatives.
INFO: Parsing based on ‘c11’ standard.
WARN: Metric ‘comment_lines_data’ is deprecated. Provided value is ignored.
INFO: 46 compilation units analyzed
INFO: PCH: 0 + 0 + 0 , 41 - 0 - 0 - 0
INFO: FS: 75 lookups
INFO: PPH: 9 files, 42973 bytes, 18 hits, 27 queries
INFO: Sensor CFamily [cpp] (done) | time=2171ms
Now SonarQube computes metrics, and finds issues. Unfortunately there are – as the warning suggests – a ton of false positives, in this case mostly c:S819 Functions should be declared explicitly.
While I am sure I could tweak sonar-project.properties
and the quality profile to get good results, the warning about bypassing the build-wrapper being removed soon is a showstopper.
So my question is:
What is the preferred way of dealing with projects like this one? Not at all?
IMHO that would be a real shame because after some tweaking of (AFAICT undocumented!) sonar.c.*
/ sonar.cfamily.*
properties, results were actually quite good and SonarQube did indeed find some real issues.
Kind regards,
Sebastian