
sonar.cxx.infer.reportPaths

guwirth edited this page Mar 10, 2021 · 6 revisions

Overview

Sensor to read reports from the Infer tool. Infer is a static analysis tool: given C/C++/Objective-C code it produces a list of potential bugs. Infer checks for null pointer dereferences, memory leaks, coding conventions and unavailable APIs.

Note: The cxx plugin itself does not run the tool; you have to do that yourself beforehand. The sensor only reads the report generated by the tool!

Supported versions

  • Link to the tool page: https://fbinfer.com/
  • The sensor supports rules from Infer with version 1.0.
  • Read Infer reports in JSON format.

Create report

In order to run Infer and generate a fitting report, make sure:

  • to call it from the project's root directory, so that the file paths in the report are relative to the root and fit the paths SonarQube indexes
  • that the files Infer analyzes are covered by the sonar.sources list in sonar-project.properties; issues in files outside sonar.sources cannot be mapped to any indexed file

Sample command lines:

When analyzing C/C++ files, Infer captures the gcc command and runs clang instead to parse them. Thus you may get compiler errors and warnings that differ from gcc's. In particular, the following two commands are equivalent:

infer run -- gcc -c hello.c
infer run -- clang -c hello.c

Example with make:

infer run -- make

Example of a report file

After a successful Infer run, a directory is created to store the results of the analysis. By default this directory is called infer-out. Inside that directory a report.json like the example below is generated:

[
   {
      "bug_type":"DEAD_STORE",
      "qualifier":"The value written to &buflen (type int) is never used.",
      "severity":"ERROR",
      "line":310,
      "column":25,
      "procedure":"tinyxml2::StrPair::GetStr",
      "procedure_start_line":267,
      "file":"externals/tinyxml/tinyxml2.cpp",
      "bug_trace":[
         {
            "level":0,
            "filename":"externals/tinyxml/tinyxml2.cpp",
            "line_number":310,
            "column_number":25,
            "description":"Write of unused value"
         }
      ],
      "key":"tinyxml2.cpp|GetStr|DEAD_STORE",
      "hash":"7cef429fd1a3d4ec3dcf4260c0ae58c9",
      "bug_type_hum":"Dead Store"
   }
]

Configure cxx plugin

  1. First check if the file extensions read in by the cxx plugin are set (sonar.cxx.file.suffixes).
  2. The rules for which you want to generate issues must be activated in the Quality Profile of your project. You can find instructions on how to do this under Manage Quality Profiles.
  3. Set the analysis parameter sonar.cxx.infer.reportPaths in the configuration file sonar-project.properties of your project. The Report Paths link describes the configuration options.
  4. Execute the SonarScanner to transfer the project with the report to the SonarQube Server.

Sample for sonar-project.properties:

sonar.cxx.infer.reportPaths=report.json
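The two conditions under "Create report" (paths relative to the project root, files covered by sonar.sources) and step 1 of "Configure cxx plugin" (matching sonar.cxx.file.suffixes) are the usual reasons an Infer report is read without any issue showing up. The following pre-flight script is an added example, not part of the cxx plugin or of Infer: it parses a sonar-project.properties and a report.json and flags every entry whose file path the plugin would have no indexed file for. The properties file, the extra report entries (NULL_DEREFERENCE in an absolute path, RESOURCE_LEAK in a .m file) and the suffix list are constructed for this example; the DEAD_STORE entry is the one from the report above. The check approximates the plugin's file lookup; the authoritative behaviour is in the Report Paths documentation.

```python
"""Pre-flight check of an Infer report.json against sonar-project.properties.

Added example; it is not code from sonar-cxx or Infer. It answers: which
entries in the report point at files that SonarQube will actually index?
"""
import json
import os
from typing import Dict, List, Tuple

# Constructed sonar-project.properties (assumption: sources under src/ and
# externals/, suffix list as in the cxx plugin default).
SONAR_PROPERTIES = """
# sonar-project.properties (constructed for this example)
sonar.projectKey=example
sonar.sources=src,externals
sonar.cxx.file.suffixes=.cxx,.cpp,.cc,.c,.hxx,.hpp,.hh,.h
sonar.cxx.infer.reportPaths=infer-out/report.json
"""

# Constructed report.json: the DEAD_STORE entry from this page plus two
# invented entries that the sensor could not map (absolute path, .m suffix).
REPORT_JSON = """[
  {"bug_type": "DEAD_STORE", "severity": "ERROR", "line": 310, "column": 25,
   "procedure": "tinyxml2::StrPair::GetStr",
   "file": "externals/tinyxml/tinyxml2.cpp",
   "qualifier": "The value written to &buflen (type int) is never used."},
  {"bug_type": "NULL_DEREFERENCE", "severity": "ERROR", "line": 12, "column": 3,
   "procedure": "main", "file": "/home/build/src/main.c",
   "qualifier": "pointer could be null (constructed entry)"},
  {"bug_type": "RESOURCE_LEAK", "severity": "ERROR", "line": 40, "column": 1,
   "procedure": "load", "file": "src/loader.m",
   "qualifier": "resource is not released (constructed entry)"}
]"""


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal key=value parser; comments start with '#' or '!'."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def split_list(value: str) -> List[str]:
    """Split a comma-separated property value."""
    return [v.strip() for v in value.split(",") if v.strip()]


def _under(path: str, source: str) -> bool:
    """True if a normalized relative path lies below one sonar.sources entry."""
    if source in (".", ""):
        return True
    source = source.rstrip("/")
    return path == source or path.startswith(source + "/")


def classify(report: List[dict], sources: List[str],
             suffixes: List[str]) -> Tuple[List[dict], Dict[str, str]]:
    """Return (entries the sensor can map, {file: reason} for the rest)."""
    ok: List[dict] = []
    rejected: Dict[str, str] = {}
    for entry in report:
        path = entry["file"]
        if os.path.isabs(path):
            rejected[path] = "absolute path: run Infer from the project root"
            continue
        norm = os.path.normpath(path).replace(os.sep, "/")
        if not any(_under(norm, s) for s in sources):
            rejected[path] = "outside sonar.sources"
            continue
        if not norm.endswith(tuple(suffixes)):
            rejected[path] = "suffix not in sonar.cxx.file.suffixes"
            continue
        ok.append(entry)
    return ok, rejected


def check_report(properties_text: str, report_text: str):
    """Parse both inputs and classify every report entry."""
    props = parse_properties(properties_text)
    return classify(json.loads(report_text),
                    split_list(props["sonar.sources"]),
                    split_list(props["sonar.cxx.file.suffixes"]))


if __name__ == "__main__":
    mapped, dropped = check_report(SONAR_PROPERTIES, REPORT_JSON)
    for e in mapped:
        print(f"OK   {e['file']}:{e['line']} {e['bug_type']} "
              f"({e['severity']}): {e['qualifier']}")
    for path, why in dropped.items():
        print(f"SKIP {path}: {why}")
```

To use it on a real project, replace the two constructed strings with the contents of your sonar-project.properties and infer-out/report.json; every SKIP line names an issue that will not appear in SonarQube and the reason, which maps directly onto the points under Troubleshooting.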

Troubleshooting

  • Make sure your project is clean when you first run Infer on it (with make clean, or gradle clean, or ...).
  • When running Infer several times in a row, either clean your project as in the previous point in-between Infer runs, or add --reactive to the infer command.
  • If no results are displayed after a successful scan, check Manage Quality Profiles first.
  • If scanning is failing, check items listed under Troubleshooting Configuration.
  • If no issues are displayed for your source code in SonarQube, check the items listed under Troubleshooting Reports.
  • In the case of incomplete scans, Detect and fix parsing errors gives advice on how to fix this.