Merge Request: many issues on only one file

Hello,

I ran a Merge Request on a C++ project, with about 30 modified files. As this project is pretty old, there were many issues which were accepted on these files, and during these MR, only 1 or 2 new issues were raised (new code) per file.
But for one of the file, all issues were “awaken”, not only on the modified lines, and I don’t understand why. I checked encoding and new lines type, and I didn’t see anything weird. I also did a git diff.
I had a look in the Sonar log files, and I didn’t find any mention of this file.
I ran Sonar again on the target branch, with the last wrapper (6.77), because the last analysis had been done with 6.76, then ran again the branch analysis, but I got the same result.

Hi,

Can you share some details about this file and/or its issues? What rules are they from?

 
Thx,
Ann

Hello,

Unfortunately, I was in urge, and I had to acccept the issues, and merge my pull request.
It will be for a next time !

Hi again @ganncamp ,

The problem came back for an other PR. The problems are mainly related to dynamic memory (92 issues on 105): cpp:S984 & cpp:S9025. It is because of new/delete instructions for Qt widgets.
Half of these issues were coded 5 years ago.

This cpp file is about 450 lines long.

Hi,

Thanks for the detail. I’m doing some digging in the background. I hope to come back to you soon.

 
Ann

Hi again,

Can you share the analysis log for the PR in question?

 
Thx,
Ann

No, I can’t. Our Jenkins workspace is overwritten at each build, and some builds were run since my last comment. I will join the log at the next occurrence.
Do you mean wrapper log, or scanner log ?

Hi,

All of the above, prefereably.

 
Thx,
Ann

OK, I send you the logs in a private message.

For this branch analysis:

• 97 issues
• 94 issues on the discussed file
• for this file, 2x46 errors related to dynamic memory
• all these errors are 7 months or 5 years old

Hi,

Nothing’s jumping out at me from your log.

Tell me about the base branch. How recently has it been analyzed?

Tell me also about your checkout. Are all the prerequisites in place?

 
Thx,
Ann

Hi,

The target branch (generally develop branch, which is also the “main banch”) is analyzed frequently, and I rerun analysis on the target branch as soon as I get troubles with a MR. But…

We also frequenty do git rebase operations, as soon as there was a merge on the target branch. So the source branch may have overcome one or several rebase since its creation. Also, what about the Sonar cache when different MR analysis (for different source branches) are interlaced ?

MR1: S1 → T → Sonar issues (so, no merge yet) → related develop is fixing the issues…
MR2: S3 → T → Sonar issues (so, no merge yet) → related develop is fixing the issues…
MR1: S1 → T → …

Hi,

Have you configured sonar.cfamily.analysisCache.mode to a non-default value? By default, the cache is held server-side, per branch & so shouldn’t be impacted by the analysis order of various branches.

What blame dates show up for the lines of ‘awakened’ issues? What issue dates?

 
Ann

No.

Where is the analysis cache ? What’s its name ? Is it build-wrapper-dump.json ?
By the way, my browser (Firefox) doesn’t succeed to interpret is as a JSON file (no problem with compile_commands.json).

Hi,

As I said, by default the cache is stored server-side. It is not named build-wrapper-dump.json. That file is the data gathered by the build wrapper.

 
Ann