-
Notifications
You must be signed in to change notification settings - Fork 363
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle multiple "stack" nodes for errors in Valgrind XML report files #1440
Comments
@jhoussay could you
|
Hi @guwirth , Here is an example of report : valgrind_output.xml.txt. The invalid write "error" node starts line 37. It contains two "stack" nodes, the first one (line 42) corresponding to the invalid write itself (2) and the second one (line 141) corresponding to the memory allocation (1).
As I said in the first post, only the last stack is kept and, in SonarQube, I have the following behaviour, only pointing to the allocation place, which does not really help to spot the invalid memory access. So, to my mind, we need one message with the two locations provided in the "error" node. I had a look to #1436, I would say it corresponds to the same issue but for cppcheck output files. As far as I understand sonar cxx, maybe this pull request could be used for valgrind report parsing as well :
|
@guwirth @jhoussay #1447 has to address stack frames of Valgrind finding: all frames, which belong to the analyzed project will be referenced as secondary locations. An other issue I can recognize from the screenshot is the terrible formatting of the stack trace. I guess it should be enough to insert it as a code block. Markdown is supported in comments, not sure about issues. It must be tested. diff --git a/cxx-sensors/src/main/java/org/sonar/cxx/sensors/valgrind/CxxValgrindSensor.java b/cxx-sensors/src/main/java/org/sonar/cxx/sensors/valgrind/CxxValgrindSensor.java
index 160dcfc..33d5916 100644
--- a/cxx-sensors/src/main/java/org/sonar/cxx/sensors/valgrind/CxxValgrindSensor.java
+++ b/cxx-sensors/src/main/java/org/sonar/cxx/sensors/valgrind/CxxValgrindSensor.java
@@ -73,7 +73,7 @@ public class CxxValgrindSensor extends CxxReportSensor {
ValgrindFrame frame = error.getLastOwnFrame(context.fileSystem().baseDir().getPath());
if (frame != null) {
saveUniqueViolation(context, CxxValgrindRuleRepository.KEY,
- frame.getPath(), frame.getLine(), error.getKind(), error.toString());
+ frame.getPath(), frame.getLine(), error.getKind(), error.toMarkdown());
} else {
LOG.warn("Cannot find a project file to assign the valgrind error '{}' to", error);
}
diff --git a/cxx-sensors/src/main/java/org/sonar/cxx/sensors/valgrind/ValgrindError.java b/cxx-sensors/src/main/java/org/sonar/cxx/sensors/valgrind/ValgrindError.java
index e38acb9..b9f890f 100644
--- a/cxx-sensors/src/main/java/org/sonar/cxx/sensors/valgrind/ValgrindError.java
+++ b/cxx-sensors/src/main/java/org/sonar/cxx/sensors/valgrind/ValgrindError.java
@@ -49,6 +49,10 @@ class ValgrindError {
return text + "\n\n" + stack;
}
+ public String toMarkdown() {
+ return text + "\n\n```\n" + stack + "\n```\n";
+ }
+
@Override
public boolean equals(Object o) {
if (this == o) { |
FYI: the patch is wrong; neither HTML nor markdown are supported inside of message |
Hi @guwirth, @ivangalkin, I just relaunched the analysis with #1447. I have the feeling that multiple code locations are enabled (as seen at the bottom of the following screenshot) but are not handled in the valgrind report. PS: @ivangalkin, I clearly agree that a better formatting for valgrind call stacks would be very nice :-) |
Hi @jhoussay! Thank you for testing and commenting! error = parser.get_error()
last_frame = error.get_last_own_frame()
issue.create_primarly_location(last_frame.full_source_path, last_frame.line_nr, parser.get_stack().to_string());
stack = parser.get_stack()
for frame in stack:
if frame.full_source_path in analyzed_project:
msg = frame.nr + frame.address + frame.signature + frame.filename
issue.add_secondary_location(frame.full_source_path, frame.line_nr, msg) So there are multiple reasons for wrong visualization:
<dir>/home/jho/dev/Project/code/externals/ThirdParty/cppunit/sources/src/cppunit</dir>
<dir>/home/jho/dev/Project/code/externals/ThirdParty/include/cppunit</dir>
<dir>/home/jho/dev/Project/code/modules/MO_SURMOD/src/MO_SURMOD</dir>
<dir>/home/jho/dev/Project/code/tu/MO_SURMOD_TU/include/MO_SURMOD_TU</dir> Are all of them part of the SonarQube project? If the test directory ( @jhoussay Please double-check the properties of your SonarQube analysis. I think the introduction of dummy secondary locations (if source file was not found in project, see below) would make the visualization more consistent. Such location could be additionally grouped into a "flow" (see NewIssue API)
@guwirth I confirm the issue w.r.t. the insufficient parsing (see nr. 2). If nobody insists on fixing this issue by himself/herself I will provide a patch soon (it is related to my #1447, but should be made as separate pull request). Regarding the nr. 3 - its not a bug in my opinion, but rather a limitation of SonarQube. I can try to experiment with comments API, but I'm not 100% sure if is technically possible. Best regards, |
Hi @ivangalkin, Thanks a lot for your detailed answer ! It made me realize I totally misunderstood #1447 goal : I was considering a "location" as a full stack while it was a frame within the stack.
|
* proper parsing of multiple <stack>s and <auxwhat>s see https://github.com/pathscale/valgrind-mmt/blob/master/docs/internals/xml-output.txt Each stackstrace of Valgrind will be stored as a separate NewIssue. The reason is missing formatting for error messages (even line breaks are not allowed). Error messages with one stack trace are already hard to read. * revisit Valgrind*::equals() and Valgrind*::hashCode() implementation a. equals() shouldn not be implemented through hashCode() because there could be hash collisions and unequal objects could return true b. perform equals()/hashCode() over all fields I believe that SonarQube has to show the Valgrind's report as-is. There should be no filtering or obfuscation
* proper parsing of multiple <stack>s and <auxwhat>s see https://github.com/pathscale/valgrind-mmt/blob/master/docs/internals/xml-output.txt Each stackstrace of Valgrind will be stored as a separate NewIssue. The reason is missing formatting for error messages (even line breaks are not allowed). Error messages with one stack trace are already hard to read. * revisit Valgrind*::equals() and Valgrind*::hashCode() implementation a. equals() shouldn not be implemented through hashCode() because there could be hash collisions and unequal objects could return true b. perform equals()/hashCode() over all fields I believe that SonarQube has to show the Valgrind's report as-is. There should be no filtering or obfuscation
CxxValgrindSensor: allow multiple <stack> nodes #1440
solved with #1461 |
* CxxDrMemorySensor * CppcheckParserV2 * CxxValgrindSensor * enable the new interface for all remaining sensors see also issue SonarOpenCommunity#1440
* CxxDrMemorySensor * CppcheckParserV2 * CxxValgrindSensor * enable the new interface for all remaining sensors see also issue SonarOpenCommunity#1440
Hi,
For some Valgrind errors (such as "InvalidWrite"), the corresponding XML node contains two distinct "stack" nodes, one corresponding to the allocation stack and the other one corresponding to the memory misuse stack.
Unfortunately, sonar cxx only presents the content of one "stack'" node found in the "error" node. In my case, this is pretty annoying as the stack available in Sonar is the allocation stack and does not allow easy identication of the memory misuse.
It seems to come from the
parseErrorTag
method in ValgrindReportParser.java. When multiple "stack" nodes are contained in the "error" node, only the last one is kept:Handling multliple stacks at this point would require to do so in ValgrindError.java as well and modify the
getLastOwnFrame
method in order to provide the "best" stack origin...Julien
The text was updated successfully, but these errors were encountered: