Mvn sonar:sonar hangs (at the end)

Starting a few days ago, “mvn sonar:sonar” does not finish - just hangs.
It looks to me that it is done:
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=1ms
[INFO] Sensor Zero Coverage Sensor
[INFO] Sensor Zero Coverage Sensor (done) | time=53ms
[INFO] Sensor JavaSecuritySensor [security]
[INFO] Reading UCFGs from: /Users/jorg/Documents/ADev/accorto-server/target/sonar/ucfg2/java
[INFO] 22:23:23.628 Building Type propagation graph
[INFO] 22:23:23.696 Running Tarjan on 11785 nodes
[INFO] 22:23:23.72 Tarjan found 11761 components
[INFO] 22:23:23.742 Variable type analysis: done
[INFO] UCFGs: 1432, excluded: 1374, source entrypoints: 58
[INFO] Analyzing 1432 ucfgs to detect vulnerabilities.
[INFO] All rules entrypoints : 36 Retained UCFGs : 738
[INFO] rule: S3649, entrypoints: 33

How can I debug/analyze this?


This is due to taint analyser doing its magic to detect vulnerabilities. Would you be able to share (privately) the content of the /Users/jorg/Documents/ADev/accorto-server/target/sonar/ucfg2/java directory in order for us to investigate and help on the issue ?

Just to be clear : what do you mean by “Hang” : this analysis can be long and consume some memory but should be able to end : so how much memory is available for the scanner java process and how long did you let it “hang” ?

Thanks for those precision.

Thanks Nicolas!

hangs: cpu running at 100% with a java process (on MacOS) - I kept it running for 1h
memory: 32GB with 18GB used
I use “mvn sonar:sonar” (3.6.0) with Java 1.8.0_191 without setting memory parameters

The directory has 1436.proto files. I am happy to zip them up - how do I get them to you?


… previously the end processing took about 5 seconds or so.
The memory info of the process: real: 3.01GB, virtual: 13.92 GB, shared: 2.5 MB private: 2.94 GB

A private message should do the trick : thanks !

… sorry don’t see the option for a private message here or on your profile

Any update? - sent the zipped files to Oliver
Would be great to get this working as without a solution, nothing works!

Thanks for sharing the ucfgs. I am reproducing the problem and investigating it, I’ll let you know how it goes. Seems that we end up in an infinite loop of analysis.

Any update? - what’s the timeframe? - any workaround?

Realizing I did not close this one publicly : fix has been deployed on sonarcloud on march 27.
Thanks for your feedback and help !