Performance problems with S3949

Petr-Kovalev · September 23, 2021, 9:20am

Hi!

We’ve recently faced a similar issue on our repo. Builds get very slow due to the rule SonarAnalyzer.Rules.CSharp.CbdeHandlerRule (S3949). It doubles the time.

Expected this to be fixed in the 9.1 release but still have to disable the rule to decrease analysis time. Sonar version 9.1.0.47736.

Ready to provide extra details or assistance.

This was collected on the previous investigation, not 9.1 release. But the issue is still present.

2021-08-26T14:23:10.1917752Z                       (TaskId:5321)
2021-08-26T14:23:10.1918268Z                      Total analyzer execution time: 2808.652 seconds. (TaskId:5321)
2021-08-26T14:23:10.1919101Z                      NOTE: Elapsed time may be less than analyzer execution time because analyzers can run concurrently. (TaskId:5321)
2021-08-26T14:23:10.1920061Z                       (TaskId:5321)
2021-08-26T14:23:10.1920524Z                      Time (s)    %   Analyzer (TaskId:5321)
2021-08-26T14:23:10.1921290Z                      2167.177   77   SonarAnalyzer.CSharp, Version=8.25.0.0, Culture=neutral, PublicKeyToken=c5b62af9de6d7244 (TaskId:5321)
2021-08-26T14:23:10.1922198Z                      1333.880   47      SonarAnalyzer.Rules.CSharp.CbdeHandlerRule (S3949) (TaskId:5321)
2021-08-26T14:23:10.1923256Z                       237.480    8      SonarAnalyzer.Rules.SymbolicExecution.SymbolicExecutionRunner (S1944, S2053, S2259, S2583, S2589, S3329, S3655, S3900, S3966, S4158, S5773) (TaskId:5321)
2021-08-26T14:23:10.1925145Z                        42.538    1      SonarAnalyzer.Rules.CSharp.RedundantDeclaration (S3257) (TaskId:5321)
2021-08-26T14:23:10.1925982Z                        36.264    1      SonarAnalyzer.Rules.CSharp.AvoidExcessiveClassCoupling (S1200) (TaskId:5321)
2021-08-26T14:23:10.1926867Z                        30.162    1      SonarAnalyzer.Rules.CSharp.PrivateFieldUsedAsLocalVariable (S1450) (TaskId:5321)
2021-08-26T14:23:10.1927766Z                        25.947   <1      SonarAnalyzer.Rules.CSharp.SymbolReferenceAnalyzer (S9999-symbolRef) (TaskId:5321)
2021-08-26T14:23:10.1928607Z                        20.879   <1      SonarAnalyzer.Rules.CSharp.UnnecessaryUsings (S1128) (TaskId:5321)
2021-08-26T14:23:10.1929478Z                        15.649   <1      SonarAnalyzer.Rules.CSharp.SpecifyIFormatProviderOrCultureInfo (S4056) (TaskId:5321)
2021-08-26T14:23:10.1930313Z                        15.528   <1      SonarAnalyzer.Rules.CSharp.DeadStores (S1854) (TaskId:5321)
2021-08-26T14:23:10.1931113Z                        13.972   <1      SonarAnalyzer.Rules.CSharp.DoNotCallExitMethods (S1147) (TaskId:5321)
2021-08-26T14:23:10.1931953Z                        13.812   <1      SonarAnalyzer.Rules.CSharp.TokenTypeAnalyzer (S9999-token-type) (TaskId:5321)
2021-08-26T14:23:10.1932845Z                        11.995   <1      SonarAnalyzer.Rules.CSharp.InsecureEncryptionAlgorithm (S2278, S5547) (TaskId:5321)
2021-08-26T14:23:10.1933724Z                        10.227   <1      SonarAnalyzer.Rules.CSharp.UnusedPrivateMember (S1144, S4487) (TaskId:5321)
2021-08-26T14:23:10.1934552Z                        10.142   <1      SonarAnalyzer.Rules.CSharp.VariableUnused (S1481) (TaskId:5321)
2021-08-26T14:23:10.1935364Z                         9.268   <1      SonarAnalyzer.Rules.CSharp.MethodsShouldUseBaseTypes (S3242) (TaskId:5321)
2021-08-26T14:23:10.1936213Z                         8.807   <1      SonarAnalyzer.Rules.CSharp.MethodParameterUnused (S1172) (TaskId:5321)
2021-08-26T14:23:10.1937089Z                         8.357   <1      SonarAnalyzer.Rules.CSharp.PreferJaggedArraysOverMultidimensional (S3967) (TaskId:5321)
2021-08-26T14:23:10.1937983Z                         8.191   <1      SonarAnalyzer.Rules.CSharp.SpecifyStringComparison (S4058) (TaskId:5321)
2021-08-26T14:23:10.1938820Z                         7.398   <1      SonarAnalyzer.Rules.CSharp.DoNotWriteToStandardOutput (S106) (TaskId:5321)
2021-08-26T14:23:10.1939732Z                         7.112   <1      SonarAnalyzer.Rules.CSharp.InfiniteRecursion (S2190) (TaskId:5321)
2021-08-26T14:23:10.1940549Z                         7.058   <1      SonarAnalyzer.Rules.CSharp.MetricsAnalyzer (S9999-metrics) (TaskId:5321)
2021-08-26T14:23:10.1941415Z                         6.959   <1      SonarAnalyzer.Rules.CSharp.MethodOverloadsShouldBeGrouped (S4136) (TaskId:5321)
2021-08-26T14:23:10.1942348Z                         6.944   <1      SonarAnalyzer.Rules.CSharp.UseUriInsteadOfString (S3994, S3995, S3996, S3997, S4005) (TaskId:5321)
2021-08-26T14:23:10.1943327Z                         6.694   <1      SonarAnalyzer.Rules.CSharp.ReferenceEqualityCheckWhenEqualsExists (S1698) (TaskId:5321)
2021-08-26T14:23:10.1944216Z                         6.279   <1      SonarAnalyzer.Rules.CSharp.NormalizeStringsToUppercase (S4040) (TaskId:5321)
2021-08-26T14:23:10.1945064Z                         6.133   <1      SonarAnalyzer.Rules.CSharp.ExecutingSqlQueries (S2077) (TaskId:5321)
2021-08-26T14:23:10.1946190Z                         6.039   <1      SonarAnalyzer.Rules.CSharp.PropertyNamesShouldNotMatchGetMethods (S4059) (TaskId:5321)
2021-08-26T14:23:10.1947128Z                         5.688   <1      SonarAnalyzer.Rules.CSharp.ThreadResumeOrSuspendShouldNotBeCalled (S3889) (TaskId:5321)
....
2021-08-26T14:23:10.2259529Z                       (TaskId:5321)
2021-08-26T14:23:10.2260197Z                       319.091   11   SonarAnalyzer.Security, Version=9.0.0.12669, Culture=neutral, PublicKeyToken=null (TaskId:5321)
2021-08-26T14:23:10.2261366Z                       319.091   11      SonarAnalyzer.Security.CSharp.UcfgGenerator (S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5167, S5334, S6096) (TaskId:5321)
2021-08-26T14:23:10.2262215Z                       (TaskId:5321)
2021-08-26T14:23:10.2262875Z                       286.476   10   SecurityCodeScan.VS2019, Version=5.1.0.0, Culture=neutral, PublicKeyToken=null (TaskId:5321)
2021-08-26T14:23:10.2263810Z                       159.753    5      SecurityCodeScan.Analyzers.Taint.HardcodedPasswordAnalyzer (SCS0015) (TaskId:5321)
2021-08-26T14:23:10.2264710Z                        15.811   <1      SecurityCodeScan.Analyzers.Taint.CommandInjectionTaintAnalyzer (SCS0001) (TaskId:5321)
2021-08-26T14:23:10.2265854Z                        15.447   <1      SecurityCodeScan.Analyzers.Taint.PathTraversalTaintAnalyzer (SCS0018) (TaskId:5321)
2021-08-26T14:23:10.2266735Z                        15.166   <1      SecurityCodeScan.Analyzers.Taint.XPathTaintAnalyzer (SCS0003) (TaskId:5321)
2021-08-26T14:23:10.2267632Z                        14.946   <1      SecurityCodeScan.Analyzers.Taint.DeserializationTaintAnalyzer (SCS0028) (TaskId:5321)
2021-08-26T14:23:10.2268532Z                        14.903   <1      SecurityCodeScan.Analyzers.Taint.OpenRedirectTaintAnalyzer (SCS0027) (TaskId:5321)
2021-08-26T14:23:10.2269675Z                        14.764   <1      SecurityCodeScan.Analyzers.Taint.XssTaintAnalyzer (SCS0029) (TaskId:5321)
2021-08-26T14:23:10.2270547Z                        14.458   <1      SecurityCodeScan.Analyzers.Taint.SqlInjectionTaintAnalyzer (SCS0002) (TaskId:5321)
2021-08-26T14:23:10.2271442Z                         9.339   <1      SecurityCodeScan.Analyzers.WeakCipherModeAnalyzerCSharp (SCS0013) (TaskId:5321)
2021-08-26T14:23:10.2272317Z                         5.615   <1      SecurityCodeScan.Analyzers.WeakHashingAnalyzerCSharp (SCS0006) (TaskId:5321)
2021-08-26T14:23:10.2273184Z                         1.474   <1      SecurityCodeScan.Analyzers.WeakCipherAnalyzerCSharp (SCS0010) (TaskId:5321)
2021-08-26T14:23:10.2274044Z                         1.471   <1      SecurityCodeScan.Analyzers.XxeDiagnosticAnalyzerCSharp (SCS0007) (TaskId:5321)
2021-08-26T14:23:10.2274920Z                         1.031   <1      SecurityCodeScan.Analyzers.WeakRandomAnalyzerCSharp (SCS0005) (TaskId:5321)
2021-08-26T14:23:10.2275772Z                         0.704   <1      SecurityCodeScan.Analyzers.CookieAnalyzer (SCS0008, SCS0009) (TaskId:5321)
2021-08-26T14:23:10.2276676Z                         0.512   <1      SecurityCodeScan.Analyzers.WeakCertificateValidationAnalyzerCSharp (SCS0004) (TaskId:5321)
2021-08-26T14:23:10.2277600Z                         0.320   <1      SecurityCodeScan.Analyzers.UnsafeDeserializationAnalyzerCSharp (SCS0028) (TaskId:5321)
2021-08-26T14:23:10.2278493Z                         0.226   <1      SecurityCodeScan.Analyzers.XsltSettingsAnalyzer (SCS0011) (TaskId:5321)
2021-08-26T14:23:10.2279354Z                         0.189   <1      SecurityCodeScan.Analyzers.RequestValidationAnalyzerCSharp (SCS0017) (TaskId:5321)
2021-08-26T14:23:10.2280223Z                         0.147   <1      SecurityCodeScan.Analyzers.CompilationAnalyzer (SCS0000) (TaskId:5321)
2021-08-26T14:23:10.2281073Z                         0.140   <1      SecurityCodeScan.Analyzers.OutputCacheAnnotationAnalyzer (SCS0019) (TaskId:5321)
2021-08-26T14:23:10.2281963Z                         0.023   <1      SecurityCodeScan.Analyzers.CsrfTokenDiagnosticAnalyzer (SCS0016) (TaskId:5321)
2021-08-26T14:23:10.2282967Z                         0.016   <1      SecurityCodeScan.Analyzers.Taint.LdapPathTaintAnalyzer (SCS0026) (TaskId:5321)
2021-08-26T14:23:10.2283922Z                         0.016   <1      SecurityCodeScan.Analyzers.Taint.LdapFilterTaintAnalyzer (SCS0031) (TaskId:5321)
2021-08-26T14:23:10.2284887Z                         0.003   <1      SecurityCodeScan.Analyzers.WebConfigAnalyzer (SCS0021, SCS0022, SCS0023, SCS0024, SCS0030) (TaskId:5321)
2021-08-26T14:23:10.2285845Z                         0.001   <1      SecurityCodeScan.Analyzers.HtmlValidateRequestAnalyzer (SCS0021) (TaskId:5321)
2021-08-26T14:23:10.2286798Z                        <0.001   <1      SecurityCodeScan.Analyzers.WeakPasswordValidatorPropertyAnalyzer (SCS0032, SCS0033, SCS0034) (TaskId:5321)
2021-08-26T14:23:10.2287809Z                        <0.001   <1      SecurityCodeScan.Analyzers.AthorizationAttributeDiagnosticAnalyzer (SCS0012) (TaskId:5321)
2021-08-26T14:23:10.2288458Z                       (TaskId:5321)
2021-08-26T14:23:10.2289230Z                        29.376    1   Microsoft.CodeAnalysis.CSharp.CodeStyle, Version=3.10.4.32937, Culture=neutral, PublicKeyToken=31bf3856ad364e35 (TaskId:5321)
2021-08-26T14:23:10.2290364Z                        14.480   <1      Microsoft.CodeAnalysis.CSharp.RemoveUnreachableCode.CSharpRemoveUnreachableCodeDiagnosticAnalyzer (IDE0035) (TaskId:5321)
2021-08-26T14:23:10.2291963Z                        14.148   <1      Microsoft.CodeAnalysis.CSharp.RemoveUnnecessaryImports.CSharpRemoveUnnecessaryImportsDiagnosticAnalyzer (IDE0005, IDE0005_gen, RemoveUnnecessaryImportsFixable) (TaskId:5321)
2021-08-26T14:23:10.2293271Z                         0.546   <1      Microsoft.CodeAnalysis.CSharp.RemoveUnusedMembers.CSharpRemoveUnusedMembersDiagnosticAnalyzer (IDE0051, IDE0052) (TaskId:5321)

Andrei_Epure · September 27, 2021, 12:00pm

Hello and welcome to the community.

We’ve removed rule S3949 from SonarWay early this year because of its performance problems and also because of its functional limitations. We plan to rewrite it in a more efficient and accurate manner. We don’t have an ETA for it.

Yes we haven’t rewritten it yet. It won’t happen in the short-term as we have other priorities.

Petr-Kovalev · October 4, 2021, 7:08am

Good to know! Thank you!