C/C++ SonarQube plugin based on Clang

The big challenge to develop a sonarqube plugin for C/C++ is to use the good parser, producing a parser for such a grammar is much harder.  What makes C++ really hard is certain rules relating to declarations/definitions, name lookup (consider argument-dependent name lookup) implicit conversion rules, and of course the resolution of templates.

It’s proven now that Clang is a mature compiler For C and C++ like GCC and Microsoft compilers, but what makes it special is the fact that it’s not just a compiler. It’s also an infrastructure to build tools. Thanks to its library based architecture: which makes the reuse and the integration of the provided functionality more flexible and easier to integrate into other projects. Thus, Clang  is the good candidate to develop a C/C++ sonar plug in.

The C/C++ SonarQube plugin based on Clang and CppDepend is free for open source contributors and for universities.

Plugin Features

  • Standard metrics: 

    There are many ways to measure a code base. The most common way is to count the number of lines of code. This metric gives a rough estimation of the effort that had been put in to develop the code base. It also allows you obtain a quality level agreement by pinpointing fat methods and classes.

    The plugin counts the number of lines of code. It also comes with other standard code metrics. Some of them are related to your code organization (the number of classes or namespaces, the number of methods declared in a class…), some of them are related to the code quality (complexity, percentage of comments, issues,…).

  • Code duplication: The duplications are detected by the CPD tool embedded in sonarqube.
  • Coverage: The plugin load the coverage result from Cobertura and Microsoft Visual Studio XML result files.

And the metrics are available from the Design category:

  • CppDpeend rules repository: After defining the sonar.cppdepend.cdproj in the sonar.properties file, the cppdepend rules repository will be added to the sonar rules.
  • cppcheck rules repository: cppcheck is a powerful tool to detect C/C++ issues, it’s embeded in CppDepend and all the cppcheck rules are added to the sonar rules.

  • CppDepend Widgets: The CppDepend sonar plugin provides some useful widgets to explore the CppDepend results:
    • Class Metrics widget: CppDepend calculate many interesting class metrics related to their design and implementation. Some of these metrics could be discovered by this widget. 

  • CQLinq queries widget: CQLinq is a powerful feature to create easily coding rules. To explore the results of the CQLinq queries, you have to create a CQLinq group named “Sonar Queries” in your jdproj file and add to it your queries:

And add the Queries Widget in your sonar dashboard:

  • CppDepend report widget: 

With CppDepend you can customize your report as described here. To make this report accessible from sonar you have to pass these two arguments to SonarRunnerForCppDepend:

  • sonar.cppdepend.deploymentPath: Directory path where the cppdepend report will be copied.
  • sonar.cppdepend.deploymentUrl: URL of the directory where the cppdepend report is copied.
  • Abstractness vs Instability widget: The Abstractness vs Instability diagram is very useful to detect the lack of abstractness in the most used projects. You can refer here for more details about this diagram. As it is described before for the CppDepend report widget, you have to define sonar.cppdepend.deploymentPath and sonar.cppdepend.deploymentUrl arguments. 

Leave a Reply

Your email address will not be published.