Skip to content

Description Features

Jump to bottom
guwirth edited this page Mar 10, 2021 · 21 revisions

This description is only valid for cxx plugin version 1.x

This is a SonarQube plugin, which adds support for C++ language. It provides following features:

  • A full stack of components (preprocessor, lexer and parser) needed to parse, create a model and analyse your sources.
  • A parse error recovery, which allows the cxx plugin to skip only those units of code which could not be parsed successfully (experimental).
  • A nearly complete support of the standards C++03 and C++11, support for a few GNU and Microsoft extensions.
  • Support for the multi-language feature found in SonarQube >= 4.2
  • Calculation of various size metrics (Number of lines/statements/classes/methods, LOC etc.)
  • Feeding of code analysis results for virtually any analyzer, including but not limited to:
    • Cppcheck
    • RATS
    • Vera++
    • Valgrind
  • Predefined rules for supported analyzers
  • A SQALE Model which covers most of Cppcheck, PC-lint, Vera and Rats rules.
  • Cyclomatic (McCabe) complexity metrics
  • Code coverage metrics including:
    • Unit test coverage (line and branch)
    • Integration test coverage (line and branch)
    • Overall branch coverage (line and branch)
  • Unit test execution metrics
  • Recognition of code duplication
  • Highlighting mode for C++ in SonarQube UI
  • Force include of header files (sonar.cxx.forceIncludes), similar to GCC --include, Visual Studio /FI or cppcheck --include
  • Calculation of the public documented API metrics
  • Calculation of package cycles and package tangle index

Dependencies

The cxx plugin doesn't have obligatory dependencies.

However, you may need the following tools in order to extend the amount of metrics collected:

  • Various external code analyzers:
    • Cppcheck: detects a wide range of problems ranging from performance issues and resource leakage to undefined behaviour. Binary packets are available on/for various platforms. Using the latest release pays off in general; compile from source if in doubt.
    • RATS: detects (potential) security problems in code, sensible for code bases with increased security requirements. Use binary packages or compile from source.
    • Vera++: focuses on code style issues. There's a binary package for Microsoft Windows, users of other platforms are likely to compile themselves.
    • Valgrind: Detects various memory management problems at runtime. Basically Linux only; just use the packages from your distribution.
    • Pc-Lint. Static analyzer from Gimpel Software
  • gcov, gcovr, kcov and Bullseye for coverage determination.

Known Limitations

  • Not all of C++ can be parsed by now. You may hit parse errors when analyzing your project.
  • The cxx plugin expects to be fed with syntactically correct code. This is a conscious design decision: we do not want to reimplement a compiler and try to follow the KISS principle. Do not expect as much guidance as you can get from a c++ compiler.
  • The cxx plugin doesn't know about standard include paths. You have to configure them manually using the property sonar.cxx.includeDirectories
  • Have also a look at the issue tracker

            Wiki Home             Issue Tracker             Releases             Contributors             License

Clone this wiki locally