Massive false positive unused function issue

We are using SonarQube Enterprise Edition Version 9.9.1 (build 69595) and SonarScanner 4.7.0.2747

We have a pretty big project in C++ (1.1M lines).
Sonar reports massive false positives, counting 11k issues :slight_smile:
This is around 20% of our code smells.
A lot of those are default constructors (and only constructors) of classes or public methods, which for sure are used in other places in the project.

Is there any setting or newer version which could help with this issue?

Hi @michal.skrzypkowski,

What are the IDs of the rules you are facing false positives with?

When you are referring to an unused function, is it this S1144?
We don’t have any false-positive reports on this rule, so it might be that something went wrong in the analysis configuration. Can you share the full scanner verbose (-X) output and build-wrapper.json?
I can send you a private message if you prefer to share them privately.

The best C++ analysis is always in the latest version: SonarQube 10.4.

Thanks,

Nope, it’s: “Functions that are not used in a project should be removed” cpp:S5536

I can try and generate debug output, but I don’t recall a file named build-wrapper.json, is it some settings for Visual Studio wrapper?
We are using CMake+ninja, so we use build commands for Sonar.

@michal.skrzypkowski,

> I can try and generate debug output, but I don’t recall a file named build-wrapper.json. Is it some settings for Visual Studio wrapper?

You can configure your SonarQube C++ analysis with build-wrapper or compilation database. If you are using the latter, I need your compile_commands.json in addition to the scanner verbose logs.
For more information, here is the C++ doc: C/C++/Objective-C

> Nope, it’s: “Functions that are not used in a project should be removed” cpp:S5536

This rule is disabled by default and S1144 is enabled instead because S5536 can have many false positives if:

  • The project is not configured correctly

  • You are analyzing part of your code:
    The C++ analyzer analyzes C++ source files that have entries in the compile commands and are part of sonar.sources.
    It doesn’t analyze:

    • C++ source files under sonar.tests
    • C++ source files outside the scanner base directory
    • C++ source files excluded using sonar.exclusions
    • C++ source files that don’t have entries in compile commands
    • C++ header files that are not included in analyzed source files

    So if the location where the function is used falls under one of these 5 cases, you will have a false positive, and it is better to stick with S1144.

> counting 11k issues :slight_smile:

Are these mainly S5536?

Thanks,
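The first four cases in the list above can be checked mechanically before enabling S5536. The following is an added example, not SonarSource's code or part of the original posts: it compares a list of source files against the compile commands and the scanner properties and reports why each skipped file is skipped. The function names, the `/work/proj` layout and the use of `fnmatch` as a stand-in for SonarQube's path patterns are assumptions; the header case needs an include graph and is not covered.

```python
import fnmatch
import os

def _norm(path, base):
    """Absolute, normalised form of `path`, resolved against `base`."""
    return os.path.normcase(os.path.normpath(os.path.join(base, path)))

def _under(path, roots, base):
    """True if `path` is one of `roots` or lies below one of them."""
    for root in roots:
        r = _norm(root, base).rstrip(os.sep)
        if path == r or path.startswith(r + os.sep):
            return True
    return False

def skip_reason(src, base, db_files, sources, tests, exclusions):
    """Why the analyzer would skip `src`, or None if it is analyzed."""
    path = _norm(src, base)
    if not _under(path, ["."], base):
        return "outside scanner base directory"
    rel = os.path.relpath(path, _norm(".", base)).replace(os.sep, "/")
    if _under(path, tests, base):
        return "under sonar.tests"
    # Assumption: fnmatch only approximates SonarQube's path patterns.
    if any(fnmatch.fnmatch(rel, pat) for pat in exclusions):
        return "excluded by sonar.exclusions"
    if not _under(path, sources, base):
        return "not part of sonar.sources"
    if path not in db_files:
        return "no entry in compile commands"
    return None

def audit(files, base, compile_db, sources, tests, exclusions):
    """Map each skipped file to the reason the analyzer skips it."""
    db_files = {_norm(e["file"], e["directory"]) for e in compile_db}
    out = {f: skip_reason(f, base, db_files, sources, tests, exclusions) for f in files}
    return {f: why for f, why in out.items() if why}

# Constructed sample: a project rooted at /work/proj (not the poster's data).
BASE = "/work/proj"
COMPILE_DB = [
    {"directory": "/work/proj/build", "file": "../src/core/widget.cpp"},
    {"directory": "/work/proj/build", "file": "/work/proj/tests/widget_test.cpp"},
    {"directory": "/work/proj/build", "file": "../src/generated/proto.cpp"},
]
FILES = ["src/core/widget.cpp", "tests/widget_test.cpp", "src/generated/proto.cpp",
         "src/legacy/old_api.cpp", "../shared/util.cpp"]
SKIPPED = audit(FILES, BASE, COMPILE_DB, ["src"], ["tests"], ["**/generated/**"])
```

A function whose only callers live in a file listed in `SKIPPED` will look unused to S5536.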

Then maybe we should disable it?

All of them :smiley:

@michal.skrzypkowski,

Then that is great news! I still recommend using SQ 10.4 for the best C++ analysis.

Yes, or share with me the requested files to tell you how to configure your project in a way compatible with this rule.

Thanks,

The debug output is really big, ~200mb, and I am not sure I can share the whole content with you.
What could maybe be a lead on what is wrong is this snippet of the output:

04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\yvals_core.h:896 static assertion failed: error STL1001: Unexpected compiler version, expected MSVC 19.38 or newer.
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\type_traits:1394 expected a type
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\type_traits:1394 expected ';' after alias declaration
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\type_traits:1399 no template named '_Copy_cv'
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\type_traits:1404 use of undeclared identifier '_Copy_cv'
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\type_traits:1409 use of undeclared identifier '_Copy_cv'
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\type_traits:1429 use of undeclared identifier '_Copy_cv'
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\type_traits:1429 expected ';' after alias declaration
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\type_traits:1433 missing 'typename' prior to dependent type name '_Cond_res_workaround<_Ty1, _Ty2>::type'
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\type_traits:1444 missing 'typename' prior to dependent type name 'common_reference<_Types...>::type'
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\type_traits:1471 missing 'typename' prior to dependent type name 'basic_common_reference<remove_cvref_t<_Ty1>, remove_cvref_t<_Ty2>, template _Apply, template _Apply>::type'
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\type_traits:1488 expected expression

sonar-project.properties has only base parameters like Source, Test and compile-command arguments.
And compile-commands has all of the files that are used in the project; it is also quite big, ~25mb.
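When the verbose log is too large to share, the diagnostics in it can be reduced to a per-file summary. This is an added example, not part of the original post or of the scanner: it parses lines of the shape shown above and keeps, for each file, the diagnostic count and the first message, since later parse errors often cascade from the first one. The function name and the assumption that every matching DEBUG line is a diagnostic are mine.

```python
import re
from collections import Counter

# Shape taken from the lines in the post: time, level, [thread], path:line, message.
# The path may contain a drive colon and spaces, so match lazily up to ":<digits> ".
DIAG = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ DEBUG: \[[^\]]+\] (?P<path>.+?):(?P<line>\d+) (?P<msg>.+)$"
)

def summarize(lines):
    """Return (count per file, first diagnostic per file) in order of appearance."""
    counts, first = Counter(), {}
    for raw in lines:
        m = DIAG.match(raw.strip())
        if m is None:
            continue  # other debug output, not a "path:line message" diagnostic
        name = re.split(r"[\\/]", m["path"])[-1]  # file name without directories
        counts[name] += 1
        first.setdefault(name, (int(m["line"]), m["msg"]))
    return counts, first

# Four lines copied from the post above.
SAMPLE = r"""
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\yvals_core.h:896 static assertion failed: error STL1001: Unexpected compiler version, expected MSVC 19.38 or newer.
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\type_traits:1394 expected a type
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\type_traits:1394 expected ';' after alias declaration
04:45:29.546 DEBUG: [pool-4-thread-4] C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.39.33519\include\type_traits:1399 no template named '_Copy_cv'
""".splitlines()

if __name__ == "__main__":
    counts, first = summarize(SAMPLE)
    for name, (line, msg) in first.items():
        print(f"{name}: {counts[name]} diagnostics, first at line {line}: {msg}")
```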

Hi @michal.skrzypkowski,

> The debug output is really big, ~200mb, and I am not sure I can share the whole content with you.

You can compress it before uploading it.

Unfortunately, it is really hard to detect what went wrong in your configuration without the full logs.
As mentioned before, this rule is disabled by default because it is sensitive to configuration. For example, the test property is ignored by the CFamily analyzer and can render this rule inaccurate if the functions are only called from the tests:

Thanks.
