On our C++ code base we are running SonarQube (Enterprise Edition v9.9) on a regular basis. To ease developer work, we would like to deploy SonarLint in connected mode so that we can catch findings as early as possible.
Nevertheless, I am facing the issue that SonarLint seems to be missing some of the "critical issues" found by SonarQube (rule cpp:S3519).
When opening the target file under VS 2022 running SonarLint (v7.1.0), I get some of the findings in the output message, but not all.
So I checked the SonarLint output message and got this:
Refreshing PCH file for C:\XXX\src\harmonisation.cpp. PCH file location: C:\Users\mgur\AppData\Local\Temp\SLVS\PCH\33712268-25df-4d33-8826-2feacf674ecd\PCH.preamble
[SecretsAnalyzer] Analyzing C:\XXX\src\harmonisation.cpp
Loaded settings from "C:\Users\mgur\AppData\Roaming\SonarLint for Visual Studio\Bindings\YYY\secrets_settings.json".
[RuleSettings] Using connected mode settings. User-specified settings in settings.json will be ignored.
[SecretsAnalyzer] Finished analyzing C:\XXX\src\WBI\harmonisation.cpp, analysis time: 0.119s
[SecretsAnalyzer] Found 0 issue(s) for C:\XXX\src\harmonisation.cpp
Loaded settings from "C:\Users\mgur\AppData\Roaming\SonarLint for Visual Studio\Bindings\YYY\cpp_settings.json".
[RuleSettings] Using connected mode settings. User-specified settings in settings.json will be ignored.
[CFamily] Calculating effective rule settings...
[CFamily] Note: the following CFamily rules are not available in SonarLint: cpp:S5536, c:S5536, cpp:S4830, c:S4830, cpp:S5527, c:S5527
[CLangAnalyzer] Analyzing C:\XXX\src\harmonisation.cpp
Execution cancelled.
[CLangAnalyzer] Aborted analysis of C:\XXX\src\harmonisation.cpp, analysis has been re-triggered or has timed-out.
Could "this abort" explain the fact that issues are missing?
Why does it abort?
Why are some issues reported by SonarQube not there?
Is there a way to fix it (as the exact same code is properly analyzed by SonarQube)? Is there some timeout we could fix?
Note:
the code to analyze compiles properly.
the code is less than 2000 lines long.
Sorry for my late feedback
Since I updated SonarLint to the latest available version, fidelity between the server results and the local SonarLint results generally looks better.
Now in this particular case/file I still miss cpp:S3519, which is reported on the server. So as suggested, I added a small function to the cpp file as below:
void test()
{
    int array[10];
    array[10] = 0;  // deliberate out-of-bounds write (index 10 is one past the end), meant to trigger cpp:S3519
}
In fact SonarLint reports cpp:S5945 on the first line (I should rather use std:: containers than a C-style array) but does not complain about the out-of-bounds array access on the next line.
The output still mentions a timeout (see full message):
Refreshing PCH file for C:\Users\mgur\NotBackedUp\SRC\GIT\TechlogSolution\code\Slb\Techlog\Apps\Algos\src\WBI\harmonisation.cpp. PCH file location: C:\Users\mgur\AppData\Local\Temp\SLVS\PCH\73ab1958-0647-4fea-8da2-1e069a9fd292\PCH.preamble
[SecretsAnalyzer] Analyzing C:\Users\mgur\NotBackedUp\SRC\GIT\TechlogSolution\code\Slb\Techlog\Apps\Algos\src\WBI\harmonisation.cpp
Loaded settings from "C:\Users\mgur\AppData\Roaming\SonarLint for Visual Studio\Bindings\Techlog\secrets_settings.json".
[RuleSettings] Using connected mode settings. User-specified settings in settings.json will be ignored.
[SecretsAnalyzer] Finished analyzing C:\Users\mgur\NotBackedUp\SRC\GIT\TechlogSolution\code\Slb\Techlog\Apps\Algos\src\WBI\harmonisation.cpp, analysis time: 0.012s
[SecretsAnalyzer] Found 0 issue(s) for C:\Users\mgur\NotBackedUp\SRC\GIT\TechlogSolution\code\Slb\Techlog\Apps\Algos\src\WBI\harmonisation.cpp
Loaded settings from "C:\Users\mgur\AppData\Roaming\SonarLint for Visual Studio\Bindings\Techlog\cpp_settings.json".
[RuleSettings] Using connected mode settings. User-specified settings in settings.json will be ignored.
[CFamily] Calculating effective rule settings...
[CFamily] Note: the following CFamily rules are not available in SonarLint: cpp:S5536, c:S5536, cpp:S4830, c:S4830, cpp:S5527, c:S5527
[CLangAnalyzer] Analyzing C:\Users\mgur\NotBackedUp\SRC\GIT\TechlogSolution\code\Slb\Techlog\Apps\Algos\src\WBI\harmonisation.cpp
Execution cancelled.
[CLangAnalyzer] Aborted analysis of C:\Users\mgur\NotBackedUp\SRC\GIT\TechlogSolution\code\Slb\Techlog\Apps\Algos\src\WBI\harmonisation.cpp, analysis has been re-triggered or has timed-out.
I did another try, which was to remove some code from this file.
After some part was removed, detection of rule cpp:S3519 started to work. It looks like some complexity/code density may prevent detection of the out-of-bounds error.
Playing with commenting out functions, I came to a state where the timeout is no longer reported and the cpp:S3519 rule violation is detected. Detection of this rule does not seem to be linked to the position of the violation itself (same result if I put my test function at the beginning or the end of the file).
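The out-of-bounds write the poster used as a probe for cpp:S3519, shown beside a bounds-checked form, as an added example that is not code from the thread or from Sonar; the names write_unchecked, write_checked and write_at are chosen for this example.

```cpp
// Added example (not from the thread). The unchecked "before" form depends
// on symbolic execution to be flagged; the "after" forms fail safely instead.
#include <array>
#include <cstddef>
#include <stdexcept>

constexpr std::size_t kSize = 10;

// "Before": the index comes from the caller and is never validated, so an
// index of kSize writes one element past the end. This is the defect that
// cpp:S3519 targets; it is kept here only for comparison and is never called.
void write_unchecked(int (&buf)[kSize], std::size_t index, int value) {
    buf[index] = value;
}

// "After" (1): std::array plus an explicit range check. The caller learns
// that the write was refused instead of corrupting adjacent memory.
bool write_checked(std::array<int, kSize>& buf, std::size_t index, int value) {
    if (index >= buf.size()) {
        return false;
    }
    buf[index] = value;
    return true;
}

// "After" (2): std::array::at() performs the same check and throws
// std::out_of_range, which is turned into a boolean result here.
bool write_at(std::array<int, kSize>& buf, std::size_t index, int value) {
    try {
        buf.at(index) = value;
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}

int main() {
    std::array<int, kSize> buf{};
    // Index 9 is the last valid element; index 10 (kSize) is one past the end.
    return (write_checked(buf, 9, 1) && !write_checked(buf, kSize, 1) &&
            write_at(buf, 0, 2) && !write_at(buf, kSize, 2)) ? 0 : 1;
}
```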
We report rules in several passes, and symbolic execution rules, such as S3519, are only run in the last pass. So, if the timeout happens in a previous pass, it is expected that the location of the code has no impact.
Would you be able to supply a reproducer file, so we can look at the timings?