Mvn sonar:sonar hangs (at the end)

JorgJanke · January 29, 2019, 6:38am

Starting a few days ago, “mvn sonar:sonar” does not finish - just hangs.
It looks to me that it is done:
:
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=1ms
[INFO] Sensor Zero Coverage Sensor
[INFO] Sensor Zero Coverage Sensor (done) | time=53ms
[INFO] Sensor JavaSecuritySensor [security]
[INFO] Reading UCFGs from: /Users/jorg/Documents/ADev/accorto-server/target/sonar/ucfg2/java
[INFO] 22:23:23.628 Building Type propagation graph
[INFO] 22:23:23.696 Running Tarjan on 11785 nodes
[INFO] 22:23:23.72 Tarjan found 11761 components
[INFO] 22:23:23.742 Variable type analysis: done
[INFO] UCFGs: 1432, excluded: 1374, source entrypoints: 58
[INFO] Analyzing 1432 ucfgs to detect vulnerabilities.
[INFO] All rules entrypoints : 36 Retained UCFGs : 738
[INFO] rule: S3649, entrypoints: 33

How can I debug/analyze this?

Nicolas_Peru · January 29, 2019, 8:37am

Hi,

This is due to taint analyser doing its magic to detect vulnerabilities. Would you be able to share (privately) the content of the /Users/jorg/Documents/ADev/accorto-server/target/sonar/ucfg2/java directory in order for us to investigate and help on the issue ?

Just to be clear : what do you mean by “Hang” : this analysis can be long and consume some memory but should be able to end : so how much memory is available for the scanner java process and how long did you let it “hang” ?

Thanks for those precision.

JorgJanke · January 29, 2019, 6:42pm

Thanks Nicolas!

hangs: cpu running at 100% with a java process (on MacOS) - I kept it running for 1h
memory: 32GB with 18GB used
I use “mvn sonar:sonar” (3.6.0) with Java 1.8.0_191 without setting memory parameters

The directory has 1436.proto files. I am happy to zip them up - how do I get them to you?

Cheers,
Jorg

JorgJanke · January 29, 2019, 6:49pm

… previously the end processing took about 5 seconds or so.
The memory info of the process: real: 3.01GB, virtual: 13.92 GB, shared: 2.5 MB private: 2.94 GB

Nicolas_Peru · January 29, 2019, 7:10pm

A private message should do the trick : thanks !

JorgJanke · January 29, 2019, 8:38pm

… sorry don’t see the option for a private message here or on your profile

JorgJanke · January 30, 2019, 5:39pm

Any update? - sent the zipped files to Oliver
Would be great to get this working as without a solution, nothing works!

Nicolas_Peru · January 31, 2019, 9:22am

Thanks for sharing the ucfgs. I am reproducing the problem and investigating it, I’ll let you know how it goes. Seems that we end up in an infinite loop of analysis.

JorgJanke · February 6, 2019, 8:06am

Any update? - what’s the timeframe? - any workaround?

Nicolas_Peru · July 12, 2019, 1:58pm

Realizing I did not close this one publicly : fix has been deployed on sonarcloud on march 27.
Thanks for your feedback and help !

Topic		Replies	Views
Java project scan hangs on "Analyzing XXX ucfgs to detect vulnerabilities" SonarQube Cloud java , sonarqube-cloud	13	3494	September 24, 2018
Scan the same project finishes using the Scanner but hangs with Maven on rule analysis using UCFG SonarQube Server / Community Build java , maven , scanner , security	5	1454	June 24, 2021
SonarJava analysis hangs SonarQube Server / Community Build java	1	1820	November 25, 2019
Sonar task hangs at rule S3649 SonarQube Server / Community Build scanner , security	3	1934	January 31, 2019
SonarQube analysis hangs in the "Running Tarjan" step or throws OutofMemoryError SonarQube Server / Community Build scanner , security	5	2267	April 28, 2020

Mvn sonar:sonar hangs (at the end)

Related topics