SonarCloud Maven scan consumes all memory and dies after reaching rule S3649

Can’t finish code analysis of a Maven Java project with SonarCloud running in Bitbucket Pipelines. Sonar comes to rule S3649, consumes all available memory (already running 2x with 6GB Maven Xmx), then dies.

Below are relevant configs and logs.

Please help.
Yan

bitbucket-pipelines.yml
image: maven:3.5.4-jdk-8

pipelines:
  default:
    - step:
        size: 2x
        caches:
          - sl-maven-repo-cache
          - m2-cache
          - sonarcloud
        script: # Modify the commands below to build your repository.         
          - mvn -e -B -f "${workspaceDir}/webapp_core/pom.xml" -Dmaven_repo_base="$workspaceDir" verify -DskipTests -Pmaster
          - pushd "${workspaceDir}/webapp_core"
          - export MAVEN_OPTS="-Xmx6080m"
          - mvn sonar:sonar -Dsonar.projectKey=<removed> -Dsonar.organization=<removed> -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=$SONAR_TOKEN
          - popd

definitions:
  caches:
    sl-maven-repo-cache: maven_repo
    m2-cache: ~/.m2/repository
    sonarcloud: ~/.sonar/cache
  services:
    maven:
      image: maven:3.5.4
      memory: 7128

Pipeline console
[INFO] 23/23 source files have been analyzed
[INFO] Sensor PL/SQL Sensor [plsql] (done) | time=1104ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [/opt/atlassian/pipelines/agent/build/webapp_core/target/surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=3ms
[INFO] Sensor JaCoCoSensor [java]
[WARNING] Property 'sonar.jacoco.reportPath' is deprecated. Please use 'sonar.jacoco.reportPaths' instead.
[INFO] JaCoCo UT report not found: '/opt/atlassian/pipelines/agent/build/webapp_core/target/jacoco-ut.exec'
[WARNING] Property 'sonar.jacoco.itReportPath' is deprecated. Please use 'sonar.jacoco.reportPaths' instead.
[INFO] JaCoCo IT report not found: '/opt/atlassian/pipelines/agent/build/webapp_core/target/jacoco-it.exec'
[INFO] Sensor JaCoCoSensor [java] (done) | time=6ms
[INFO] Sensor SonarJavaXmlFileSensor [java]
[INFO] 8 source files to be analyzed
[INFO] 8/8 source files have been analyzed
[INFO] Sensor SonarJavaXmlFileSensor [java] (done) | time=222ms
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=21ms
[INFO] Sensor XML Sensor [xml]
[WARNING] Metric 'comment_lines_data' is deprecated. Provided value is ignored.
[INFO] Sensor XML Sensor [xml] (done) | time=370ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=10ms
[INFO] Sensor Zero Coverage Sensor
[INFO] Sensor Zero Coverage Sensor (done) | time=736ms
[INFO] Sensor JavaSecuritySensor [security]
[INFO] Reading UCFGs from: /opt/atlassian/pipelines/agent/build/webapp_core/target/sonar/ucfg2/java
[INFO] UCFGs: 26324, excluded: 25859, source entrypoints: 465
[INFO] Analyzing 26324 ucfgs to detect vulnerabilities.
[INFO] rule: S3649, entrypoints: 275
[WARNING] [JOURNAL_FLUSHER] WARNING Journal flush operation took 15,436ms last 8 cycles average is 1,929ms
[WARNING] [JOURNAL_FLUSHER] WARNING Journal flush operation took 40,258ms last 8 cycles average is 5,032ms
Exception in thread "LOG_FLUSHER" java.lang.OutOfMemoryError: Java heap space
	at java.util.ArrayList.iterator(ArrayList.java:840)
	at java.util.Collections$SynchronizedCollection.iterator(Collections.java:2031)
	at com.persistit.Persistit.pollAlertMonitors(Persistit.java:2285)
	at com.persistit.Persistit$LogFlusher.run(Persistit.java:192)
Exception in thread "CLEANUP_MANAGER" java.lang.OutOfMemoryError: Java heap space
	at java.util.HashMap$Values.iterator(HashMap.java:968)
	at com.persistit.JournalManager.pruneObsoleteTransactions(JournalManager.java:1734)
	at com.persistit.JournalManager.pruneObsoleteTransactions(JournalManager.java:1720)
	at com.persistit.CleanupManager.poll(CleanupManager.java:162)
	at com.persistit.CleanupManager.runTask(CleanupManager.java:88)
	at com.persistit.IOTaskRunnable.run(IOTaskRunnable.java:144)
	at java.lang.Thread.run(Thread.java:748)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:02 h
[INFO] Finished at: 2018-11-14T10:45:24Z
[INFO] ------------------------------------------------------------------------
[ERROR] Java heap space: failed reallocation of scalar replaced objects -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/OutOfMemoryError

Hi Yan,

Did you get any solution for this issue? I am having the same issue as well.

Thanks
Prasad

Hello @prasad-gowda / @ylyachman,

Would you be able to share your projects so we can investigate / debug them and understand what’s wrong?
Without that, it’s just impossible to progress. If your projects are private ones, let’s discuss by email to find a solution.

Thanks

It seems from the log that you are hitting a performance issue on the security taint analyser. This is something we are already actively working on for the release of SonarQube 7.6 (to come soon).
In order to investigate and reproduce the issue, what we would be mostly interested in is the binary files located in target/sonar/ucfg2/java.

If you can ideally zip this and make it available (privately) to us, that would be the best way for us to try to tackle the issue.
As a workaround for this problem, you can always deactivate the culprit rule.
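
Added example, not part of the original thread and not SonarSource tooling: a small triage function that reads scanner console output in the format quoted above and reports which sensor and taint rule were active when the first OutOfMemoryError appeared, which is the attribution the last reply makes from the log. The function name `triage_scanner_log` and the returned field names are assumptions; the sample lines are excerpted from the log posted in the thread.

```python
import re

# Log excerpt taken from the pipeline console output quoted in the thread.
SAMPLE_LOG = """\
[INFO] Sensor Zero Coverage Sensor (done) | time=736ms
[INFO] Sensor JavaSecuritySensor [security]
[INFO] UCFGs: 26324, excluded: 25859, source entrypoints: 465
[INFO] Analyzing 26324 ucfgs to detect vulnerabilities.
[INFO] rule: S3649, entrypoints: 275
[WARNING] [JOURNAL_FLUSHER] WARNING Journal flush operation took 15,436ms last 8 cycles average is 1,929ms
[WARNING] [JOURNAL_FLUSHER] WARNING Journal flush operation took 40,258ms last 8 cycles average is 5,032ms
Exception in thread "LOG_FLUSHER" java.lang.OutOfMemoryError: Java heap space
[INFO] BUILD FAILURE
"""

SENSOR_START = re.compile(r"^\[INFO\] Sensor (.+?) \[\w+\]$")
SENSOR_DONE = re.compile(r"^\[INFO\] Sensor (.+?)(?: \[\w+\])? \(done\)")
UCFGS = re.compile(r"UCFGs: (\d+), excluded: (\d+), source entrypoints: (\d+)")
RULE = re.compile(r"^\[INFO\] rule: (S\d+), entrypoints: (\d+)")
FLUSH = re.compile(r"Journal flush operation took ([\d,]+)ms")


def triage_scanner_log(text):
    """Return what the scanner was doing when the first OutOfMemoryError hit."""
    state = {"sensor": None, "rule": None, "rule_entrypoints": None,
             "ucfgs": None, "source_entrypoints": None,
             "flush_ms": [], "oom": False}
    for line in text.splitlines():
        if "java.lang.OutOfMemoryError" in line:
            state["oom"] = True
            break  # everything after the first OOM is fallout, not cause
        if m := SENSOR_DONE.match(line):
            # A sensor that finished cannot be the one that exhausted the heap.
            if state["sensor"] == m.group(1):
                state["sensor"] = state["rule"] = None
        elif m := SENSOR_START.match(line):
            state["sensor"], state["rule"] = m.group(1), None
        elif m := UCFGS.search(line):
            state["ucfgs"], state["source_entrypoints"] = int(m.group(1)), int(m.group(3))
        elif m := RULE.match(line):
            state["rule"], state["rule_entrypoints"] = m.group(1), int(m.group(2))
        elif m := FLUSH.search(line):
            state["flush_ms"].append(int(m.group(1).replace(",", "")))
    return state
```

Run over the full console output of a failed pipeline step, the returned rule key identifies which rule to report or deactivate, and the rising `flush_ms` values show the heap pressure building before the crash.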