reported infer issues not shown as accepted issues

[mrwsl]

Describe the bug
Foremost, thank you for this wonderful plugin!

I am scanning code with infer and it reports findings:

src/somefile.h:311: error: Dead Store
  The value written to `&matrixXf2String` is never used. 
  309.   std::string       out   = "\n" + stars + " GCode::Data::Part to_string " + stars;
  310. 
  311.   auto matrixXf2String = []( const eg::MatrixXf& mat ) -> std::string {
         ^
  312.     assert( "Matrix is not 3 x p as expected" && ( mat.rows() == 3 ) );
  313. 
tests/somefile2.cpp:217: error: Null Dereference
  `...` could be null (from the call to `...::append_layer()` on line 206) and is dereferenced in the call to `...`. 
  215.   } );
  216. 
  217.   EXPECT_EQ( ( testPath[ 0, 0, 0 ] ), eg::Vector3f( 0.0F, 0.0F, 0.0F ) ) << Message( "Read Path[0,0,0]" );
         ^
  218.   EXPECT_EQ( ( testPath[ 0, 0, 1 ] ), eg::Vector3f( 0.01F, 0.01F, 0.01F ) ) << Message( "Read Path[0,0,1]" );
  219. 
tests/somefile2.cpp:364: error: Null Dereference
  `...` could be null (from the call to `...` on line 353) and is dereferenced in the call to `...`. 
  362.   } );
  363. 
  364.   EXPECT_EQ( ( testPath[ 0, 0, 0 ] ), eg::Vector3f( 0.0F, 0.0F, 0.0F ) ) << Message( "Read Path[0,0,0]" );
         ^
  365.   EXPECT_EQ( ( testPath[ 0, 0, 1 ] ), eg::Vector3f( 0.01F, 0.01F, 0.01F ) ) << Message( "Read Path[0,0,1]" );
  366. 

In a next step, SonarScanner is reporting the found issues:

2024-11-20T15:07:07.5356247Z 15:07:07.535 INFO  Sensor CXX Infer report import [cxx]
2024-11-20T15:07:07.5358164Z 15:07:07.535 INFO  Processing report '/workspace/.../infer-out/report.json'
2024-11-20T15:07:07.5643016Z 15:07:07.563 INFO  Processing successful, saved new issues=3
2024-11-20T15:07:07.5643383Z 15:07:07.564 INFO  Sensor CXX Infer report import [cxx] (done) | time=29ms

In the project's overview of the analysis, the issues are not shown. I have set up a quality profile that has these two issues, “NULL_DEREFERENCE” and “DEAD_STORE” enabled.

To Reproduce
Steps to reproduce the behavior:

1. Scan code with infer
2. SonarScanner uploads issues

Expected behavior
New issues for the found problems are created

Desktop (please complete the following information):

• OS: Linux
• SonarQube version: 10.6
• cxx plugin version: 2.2.0.760
• sonar-scanner version: 6.0.0.4432

Additional context
This might not be a bug, but me not configuring SonarQube correctly.

[guwirth]

Hello @mrwsl,

thanks for the feedback!

Have you read https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Scan-Report-Files, especially Troubleshooting and Understanding the scanner .LOG file.

Processing successful, saved new issues=3

From your .LOG snippet it seems that the sensor detects the issues and forwarding it to SQ.

• "saved" does not mean rules are active and source file is available
• Verify that source files are indexed and paths are correct (Indexing files in the LOG file)?
• Manage Quality Profiles: Rules are enabled in the quality profile?

If still a problem turn debug info on and provide a little bit more logging.

Regards,

[guwirth]

@mrwsl there is also https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.infer.reportPaths saying "Read Infer reports in JSON format.". Your report is not JSON?

[mrwsl]

Hi @guwirth,

thank you for taking the time to answer!

Have you read https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Scan-Report-Files, especially Troubleshooting and Understanding the scanner .LOG file.

I did read the wiki. So far, I got tidy, clangsa, cppcheck and own rules working. So I am aware of the process of setting up quality profiles and activating rules for it. This is why I am a bit suspicious why the infer issues are not shown :)

Verify that source files are indexed and paths are correct (Indexing files in the LOG file)?

The files are indexed by the scanner, since I already got reports on said file as issues in SonarQube and the file is listed in the logs as well.

Manage Quality Profiles: Rules are enabled in the quality profile?

I enabled all infer rules in the quality profile used.

If still a problem turn debug info on and provide a little bit more logging.

Below you find the part from infer. I can provide the full log if necessary but will need some time to redact it.

15:41:14.100 INFO  Sensor CXX Cppcheck report import [cxx] (done) | time=40ms
15:41:14.100 INFO  Sensor CXX Infer report import [cxx]
15:41:14.100 DEBUG Searching 'sonar.cxx.infer.reportPaths' files with Ant pattern '[infer-out/report.json]'
15:41:14.100 DEBUG Search files(s) in path(s): '/workspace/.../infer-out/report.json'
15:41:14.100 DEBUG Found '1' file(s)
15:41:14.100 INFO  Processing report '/workspace/.../infer-out/report.json'
15:41:14.131 INFO  Processing successful, saved new issues=3
15:41:14.132 INFO  Sensor CXX Infer report import [cxx] (done) | time=32ms
15:41:14.132 INFO  Sensor CXX Valgrind report import [cxx]

Your report is not JSON?

I double-checked and piped the file into jless and there was no complaint.

I also made sure that the rules shown in the screenshot are activated in the quality profile.

[guwirth]

Hi @mrwsl,

next thing you should check is if paths in report file fits exactly to indexed paths. Often reports are created on different machines with different absolute paths.

• https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Troubleshooting-Reports#file-indexing
• https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Troubleshooting-Reports#file-path-issues

Can you provide one sample from the LOG file of an indexed file and a matching issue from the JSON file please. In case of relative paths, base dir is also interesting.

Regards,

[mrwsl]

Sure! Here is the part from the debug log where the indexing is happening:

....
15:41:09.118 INFO  Base dir: /workspace/pathto/dir
....
15:41:12.028 INFO  Indexing files...
15:41:12.029 INFO  Project configuration:
...
15:41:12.035 DEBUG 'src/file.h' indexed with language 'cxx'
...

The file part from the report.json:

"file":"src/file.h",

[guwirth]

@mrwsl I will add an integration test to see if feature is still working. Unit tests are green.

[guwirth]

@mrwsl strange, the integration tests are working:

• add Infer integration tests #2821
• https://github.com/SonarOpenCommunity/sonar-cxx/actions/runs/11956207514?pr=2821
  • https://github.com/SonarOpenCommunity/sonar-cxx/actions/runs/11956207514/job/33330558678?pr=2821
  • LOG files: https://github.com/SonarOpenCommunity/sonar-cxx/actions/runs/11956207514/artifacts/2219620679

For my understanding is only left: Problem with the Quality Profile: Are the rules really activated in the quality profile you are using for scanning? Processing successful, saved new issues=3 means the parser found three issues in the report, but on scanner side is no test if the rule is active or not.

You can also provide me a report/sample, I can try to add it to our CI to see if it's working.

[mrwsl]

Thanks for all the effort!

I also think that this is an issue on my end, and I fail to see why.

The one issue I can share since it does not depend on any other implementation:

  auto matrixXf2String = []( const eg::MatrixXf& mat ) -> std::string {
    assert( "Matrix is not 3 x p as expected" && ( mat.rows() == 3 ) );

    std::string str = "Point Cloud of size " + std::to_string( mat.cols() ) + "\n";
    for ( eg::Index j = 0; j < mat.cols(); ++j ) {
      str += "(" + std::to_string( mat( 0, j ) ) + ", "
                 + std::to_string( mat( 1, j ) ) + ", "
                 + std::to_string( mat( 2, j ) ) + "), ";
    }

    str = str.replace( str.length() - 2, std::string::npos, "" ) + "\n"; // remove last ", "
    return ( str );
  }; 

This part results in a error: Dead Store warning, which is enabled in my quality profile.

(Initially, I enabled all the rules for every analysis we run)

EDIT: removed comments from code example

[mrwsl]

Of course, something I overlooked: Said issues were not part of new code and therefore not reported. @guwirth thank you again for sticking with me and even doing unit tests!

EDIT: might this be something for the FAQ?