sonar.cxx.pclint.reportPaths

Overview

Sensor to read reports from the PC-lint tool. PC-lint Plus is a comprehensive static analysis solution for C and C++. PC-lint Plus can check for violations of internal code guidelines as well as analyzing compliance with industry standards such as MISRA, AUTOSAR, and CERT C.

Note: The cxx plugin itself does not run the tool, you have to do that yourself beforehand. The sensor only reads the report generated by the tool!

Supported versions

• Link to the tool page: https://gimpel.com/
• The sensor supports rules from PC-lint 9.0 and PC-lint Plus 1.3.5.

Create report

In order to run PC-lint and generate a fitting report, make sure:

• to call it from the projects root directory, so that the paths in the report fit
• that the parameter matches the sonar.sources list in sonar-project.properties
• The PC-lint XML output needs to be formatted:

// XML options for cxx plugin.
-v // Turn off verbosity
-width(0,0) // Don't break long lines
+xml(?xml version="1.0" ?) // add version information
+xml(results) // Turn on XML escapes
-"format=<issue file =\q%f\q line = \q%l\q number = \q%n\q type=\q%t\q desc = \q%m\q/>"
-"format_specific= "
-hFs1 // The height of a message should be 1 i.e. don't output the line in error
-e900 // 'Successful completion message'

From the PC-lint -format documentation:

%f = the filename
(note that option +ffn, standing for "Full File Names", can be used to control whether full path names are used).
%l = the line number
%t = the message type (Error, Warning, etc.)
%n = the message number
%m = the message text
%c = the column number
%C = the column number +1
%i = the invoking function
%% = a percent sign
%(...%) = conditionally include the information denoted
by ... if the error occurred within a file.
\n = newline
\t = tab
\s = space
\a = alarm (becomes ASCII 7)
\q = quote ( "" )
\ = backslash ( '\' )

Sample command lines:

lint-nt.exe <args>... <files>...

Example of a report file

If the tool was executed successfully, a report like the example below should be generated:

<?xml version="1.0" encoding="UTF-8"?>
<result>
<issue file = ".\test.c" line = "4" number = "1960" desc = "Violates MISRA C++ 2008 Required Rule 5-0-19, More than two pointer indirection levels used for type: 'struct _wireSAFEARRAY ***"/>
<issue file = ".\test.c" line = "6" number = "1800" type = "supplemental" desc = "this is supplemental msg one."/>
<issue file = ".\test.c" line = "10" number = "586" desc = "operator 'new' is deprecated. [MISRA C++ Rule 18-4-1]"/>
</result>

Configure cxx plugin

1. First check if the file extensions read in by the cxx plugin are set (sonar.cxx.file.suffixes).
2. The rules for which you want to generate issue must be activated in the Quality Profile of your project. You can find instructions on how to do this under Manage Quality Profiles.
3. Set the analysis parameter sonar.cxx.pclint.reportPaths in the configuration file sonar-project.properties of your project. The Report Paths link describes the configuration options.
4. Execute the SonarScanner to transfer the project with the report to the SonarQube Server.
5. With CXX Custom Template Rules it's possible to extend the rule repository.
6. It is also possible to display unknown rules on the SonarQube Server.

Sample for sonar-project.properties:

sonar.cxx.pclint.reportPaths=pclint.xml

Troubleshooting

• If no results are displayed after a successful scan, check Manage Quality Profiles first.
• If you cannot find an issue under 'New code', also look under 'Overall code' to see if it is listed there.
• If scanning is failing, check items listed under Troubleshooting Configuration.
• If no issues are displayed for your source code in SonarQube, check the items listed under Troubleshooting Reports.
• In the case of incomplete scans, Detect and fix parsing errors gives advice on how to fix this.