The cppncss tool analysis most of the times fails because the CPP file parsing is skipped if a MACRO or DEFINE is unknown. The tool does not use the definitions from include files and the high effort to define everything (ON_NOTIFY, END_MESSAGE_MAP, AFX_MSG_MAP, WINAPI, HRESULT, ...) makes this analysis problematic. I already disabled this part off CXX Plug-In.
Please use different tool which can handle windows sources or creates results without high effort customizing.
Check:
http://cccc.sourceforge.net/
http://cloc.sourceforge.net/
http://www.dwheeler.com/sloccount/

The RFC metric, which was previously implemented on top of the broken (and now removed) CDT-AST Infrastructure, has to be reimplemented now on top of SSLR.
Note: it doesnt need to be a Sensor, all we need is probably an according AST-visitor, which gets injected in the Squid-Sensor.
Its probably a good idea to look for an existing RFC-on-SSLR implementation in the Sonar universe and use it as a template.

Issues identified by cppcheck (v. 1.6.2) and saved in an xml file (version 1) are not being loaded to SonarQube v.4.0.

Details:
I'm prototyping adding C++ support to our SonarQube installation. We've been inspecting Java with Sonar for over a year, and are ready to start looking at our legacy C++ code as well. My SonarQube prototype installation is on my Windows machine, running against the H2 database. The C++ is on a linux machine, code accessible to Windows via NetApp as my L: drive.

I'm running cppcheck and sonar-runner from the windows side. I'm seeing some issues with include files not found, I think probably because our build is under Linux and there are symbolic links that Windows isn't understanding. That doesn't appear to be affecting the cppcheck issue, but I mention it just in case.

cppcheck run as:
>cppcheck -v -enable=warning,performance --xml --xml-version=1 -I ..\include . 2> cppcheck.xml

results in (snippet>

<?xml version="1.0" encoding="UTF-8"?>
<results>
<error file="BarcodePattern_sql.cxx" line="2947" id="uninitMemberVar" severity="style" msg="Member variable &apos;__pthread_cleanup_class::__cancel_type&apos; is not initialized in the constructor."/>
<error file="CircCluster.cxx" line="2960" id="uninitMemberVar" severity="style" msg="Member variable &apos;__pthread_cleanup_class::__cancel_type&apos; is not initialized in the constructor."/>
...
<error id="toomanyconfigs" severity="style" msg="The checking of the file will be interrupted because there are too many #ifdef configurations. Checking of all #ifdef configurations can be forced by --force command line option or from GUI preferences. However that may increase the checking time. For more details, use --enable=information."/>
</results>

After cppcheck is complete, I run sonar-runner.bat (v2.3). The cppcheck property is configured as

sonar.cxx.cppcheck.reportPath=L:\\sandbox\\s2009.0.0\\circ\\cppcheck.xml

The rest of the sonar-project.properties file appears to be configured well enough, as I'm getting source code and metrics such as line count, complexity, comment count loaded into SonarQube.

Running sonar-running.bat with the -X parameter gives me output including

...
15:56:24.651 DEBUG - Using pattern 'coverage-reports/overall-coverage-*.xml' to find reports
15:56:24.653 INFO  - Sensor CxxCoverageSensor done: 6 ms
15:56:24.653 INFO  - Sensor CxxCppCheckSensor...
15:56:24.654 DEBUG - Using pattern 'L:\sandbox\s2009.0.0\circ\cppcheck.xml' to find reports
15:56:24.655 INFO  - Sensor CxxCppCheckSensor done: 2 ms
15:56:24.655 INFO  - Sensor CxxPCLintSensor...
15:56:24.656 DEBUG - Using pattern 'pclint-reports/pclint-result-*.xml' to find reports
15:56:24.657 INFO  - Sensor CxxPCLintSensor done: 2 ms
...

Based on one suggestion I found searching the net, I've tried adding a full path to the cppcheck.xml results data, but it made no difference.

I have enabled all rules in C++ Sonar Way.

I'm out of things to try - why are no issues being reported?

Currently if there is not measure found in the coverage reports, the sonar dashboard reports "-". It should report 0.
Same should be done to integration and overall coverage

The following peace of code

#define A B(cf)
#define B 0x##n
A

wont get parsed by current versions of the plugin. The cause seems to be the definition of pptoken in the preprocessor grammar.

The relevant thread where ambiguity is described:
http://sonar.15.x6.nabble.com/sonar-dev-SSLR-for-C-community-Plugin-td5009119.html

The tools RATS and Vera++ are not stabile and produce problematic input for the sensors. The exception shall not crash the plug-in but create an ERROR message.
see Known limitations from Wiki

The CXX-preprocessor created token cannot be detected by check functions using AST visitor feature.
Without this information it is not possible to suppress false positives (StringLiteralDuplicatedCheck, UselessParenthesesCheck, TooManyStatementsPerLineCheck) which are related to ‘#define’ directives.
The node.getTokenOriginalValue() gives the value created (replaced) by preprocessor and for not the LITERAL from source code.
Is it possible to maintain the original value or add an attribute to indicate the creator?

Implement an SSLR based rule for tracking files which could be parsed.

Implement a SSLR based Rule which allows to define custom checks via an XPath expression.
TODO: drop a paragraph into the dox describing the XPath checks thing.

With in the Coverage analysis module, parsing a "hit" element that exceeds a _int32 size will cause failures, and emits no useful message.
This is crippling on projects with large code base since the hit count for many central functions can rapidly exceed 2^31.
In my case an accurate hit count is not required, so truncation would be acceptable.
03:03:28.915 INFO - Parsing report '/Sonar_Test_coverage/software/coverage-reports/coverage-unit.xml'
INFO: ----------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 38:42.225s
INFO: Final Memory: 25M/2087M
INFO: ------------------------------------------------------------------------
ERROR: Error during Sonar runner execution
ERROR: Unable to execute Sonar
ERROR: Caused by: For input string: "2806720497"
ERROR:

A file name entry in a XML report using a simple file name without any path information (e.g. file exists in project root folder) will not be handled correctly.
The reported issues from CppCheck and Vera++ will not be considered for these files.
Root cause: org.sonar.api.resources.File.fromIOFile returns null
Hint: RATS XML reports will work because a "./" prefix is used for these kind of file names.

The finding and associating of source code to tests is quite poor right now.
The reason is that the standard JUnit report provide the location of the test via a ("full qualified", in case of Java) classname not via a filename.
To improve the situation, we have to find the test files and accociate their content with the tests.
Implementation note:
The currently favorized approach is to

1. Have the test files location be defined in the project setup
2. Have the plugin parse those files, scan for classes and find out
   the proper files.

The sonar.cxx.suffixes property doesn't work as documented. The documentation states that suffixes should be specified without a leading period ('.'), but that leads to e.g. file 'binaryh' being parsed as a source file, which ultimately causes a database exception when the contents of the binary file are written to a text database column. The workaround is to specify suffixes as e.g. ".cpp,.h". If that is the desired syntax, the documentation should be updated to reflect that, and the default suffixes list as well (which do not include leading periods either). Otherwise, the code should be changed to prepend the leading period internally.

Visual C++ provides an analysis feature with special editions (team edition or premium edition). The results from BuildLog.htm shall be stored in sonar.
more information see
http://msdn.microsoft.com/en-us/library/d3bbz7tz(v=vs.90).aspx

I successfully got cppcheck data and c++ sources to load to a test installation of SonarQube-4.0, running against the H2 database in a Windows workstation.

Now I'm trying to move the same configuration and run the same project into SonarQube-4.0, running on a linux server against a MySql database. And sonar-runner is failing, with a NullPointerException:

$ sonar-runner -e -X > sonar_201312121319.log
ERROR: Error during Sonar runner execution
org.sonar.runner.impl.RunnerException: Unable to execute Sonar
        at org.sonar.runner.impl.BatchLauncher$1.delegateExecution(BatchLauncher.java:91)
        at org.sonar.runner.impl.BatchLauncher$1.run(BatchLauncher.java:75)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.sonar.runner.impl.BatchLauncher.doExecute(BatchLauncher.java:69)
        at org.sonar.runner.impl.BatchLauncher.execute(BatchLauncher.java:50)
        at org.sonar.runner.api.EmbeddedRunner.doExecute(EmbeddedRunner.java:102)
        at org.sonar.runner.api.Runner.execute(Runner.java:90)
        at org.sonar.runner.Main.executeTask(Main.java:70)
        at org.sonar.runner.Main.execute(Main.java:59)
        at org.sonar.runner.Main.main(Main.java:41)
Caused by: java.lang.NullPointerException
        at org.sonar.plugins.cpd.SonarEngine.getFullKey(SonarEngine.java:93)
        at org.sonar.plugins.cpd.SonarBridgeEngine.analyse(SonarBridgeEngine.java:97)
        at org.sonar.plugins.cpd.CpdSensor.analyse(CpdSensor.java:80)
        at org.sonar.batch.phases.SensorsExecutor.execute(SensorsExecutor.java:72)
        at org.sonar.batch.phases.PhaseExecutor.execute(PhaseExecutor.java:114)
        at org.sonar.batch.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:150)
        at org.sonar.api.platform.ComponentContainer.startComponents(ComponentContainer.java:92)
        at org.sonar.api.platform.ComponentContainer.execute(ComponentContainer.java:77)
        at org.sonar.batch.scan.ProjectScanContainer.scan(ProjectScanContainer.java:190)
        at org.sonar.batch.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:185)
        at org.sonar.batch.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:178)
        at org.sonar.api.platform.ComponentContainer.startComponents(ComponentContainer.java:92)
        at org.sonar.api.platform.ComponentContainer.execute(ComponentContainer.java:77)
        at org.sonar.batch.scan.ScanTask.scan(ScanTask.java:58)
        at org.sonar.batch.scan.ScanTask.execute(ScanTask.java:45)
        at org.sonar.batch.bootstrap.TaskContainer.doAfterStart(TaskContainer.java:82)
        at org.sonar.api.platform.ComponentContainer.startComponents(ComponentContainer.java:92)
        at org.sonar.api.platform.ComponentContainer.execute(ComponentContainer.java:77)
        at org.sonar.batch.bootstrap.BootstrapContainer.executeTask(BootstrapContainer.java:155)
        at org.sonar.batch.bootstrap.BootstrapContainer.doAfterStart(BootstrapContainer.java:143)
        at org.sonar.api.platform.ComponentContainer.startComponents(ComponentContainer.java:92)
        at org.sonar.api.platform.ComponentContainer.execute(ComponentContainer.java:77)
        at org.sonar.batch.bootstrapper.Batch.startBatch(Batch.java:92)
        at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:74)
        at org.sonar.runner.batch.IsolatedLauncher.execute(IsolatedLauncher.java:45)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.sonar.runner.impl.BatchLauncher$1.delegateExecution(BatchLauncher.java:87)
        ... 9 more

Following along in the log, it looks like it is failing attempting to load data from a file reached via symlink. (I skipped those when prototyping under windows)

...
13:23:11.695 DEBUG - Populating index from /exlibris/sd/2009.0.0/release/include/opacrq.h
13:23:11.705 DEBUG - Populating index from /exlibris/sd/External.gcc/openssl-1.0.0e/include/openssl/aes.h
13:23:11.713 DEBUG - Release semaphore on project : org.sonar.api.resources.Project@6d6b6e88[id=11773,key=com.exlibris.voyager:cxx,qualifier=TRK], with key batch-com.exlibris.voyager:cxx

I know that ...include/openssl is a symlink created in our build environment.

How do I manage symlinks here? I can't remove them from the workspace, or the build running there will fail. For the level of code quality analysis we're trying to get to right now, I'm OK with just ignoring those files if there's a way to exclude directories. I haven't tried adding them to sonar.cxx.include_directories yet, although I have a hard time imagining that adding them there will prevent the crawler walking the directory tree from finding the symlink anyway.

thanks for any help.

Hi guys,

Have you seen these features of git hub?

https://api.github.com/repos/wenns/sonar-cxx/releases
V09 195 downloads
And
https://github.com/wenns/sonar-cxx/graphs/traffic

It seems there is mention of the plugin in the wiki.komax.org :)

Discussion thread
http://sonar.15.x6.nabble.com/Problem-with-the-Valgrind-report-td5012766.html#a5012767

Force inclusion of a header file for all checked/parsed files. This is a option most static code analyser support.

Causes filename to be implicitly included at the beginning of each file. This method of “force-including” files is sometimes a useful way of defining macros, types or compiler built-ins.

Be used for example when checking the Linux kernel, where autoconf.h needs to be included for every file compiled. Works the same way as the GCC -include option.

Example:

cppcheck --include="myheader.h" ...
qacpp -fi myheader.h ...
...

Proposal:

sonar.cxx.forceinclude=myheader.h

It would be helpful to separate

• System Header Files
• System Macros
• Project Header Files
• Project Macros

Typically system header files and macros are stable and do not change on an environment. Only the project header files and macros are changing in each project.

This would make it possible to set system related stuff only once.

By the way: Which macros are predefined by the plugin at the moment (DATE, TIME, FILE, LINE, ...)?

Proposal:

sonar.cxx.systemIncludes=...
sonar.cxx.systemDefines=...
sonar.cxx.projectIncludes=...
sonar.cxx.projectDefines =...

Duplication detection doesnt work for files which use line continuations (backslash). This is due to a limitation of the Tokenizer from PMD, which is currently used.
This should be fixed by providing an own Tokenizer based on SSLR.

Hi,

Feature request to add more detailed error information (verbose) from cppcheck to rules.

Information could be get by calling:
cppcheck --errorlist --xml-version=2

Regards,
Günter

Support for Intel Inspector via the external rules mechanism. Comes as a convert script which adapts the output to Sonar's needs and a rules definitions file.

This adds a SSLR based parser and AST scanner to the plugin. This is critical for further improving the plugin.

Hi,

is there a way to disable the SSLR parser and just import sources and violations from external tools (like pclint and bullseye coverage etc.) ? We got a very large code base and I am not ready to fix includepaths and MS custom types now.

Thanks,

Stefan

Hi,

Feature request to add original severity of cppcheck to SonarQube rules. After mapping of different file formats this information is missing.

Exampe:

<results>
<error id="AssignmentAddressToInteger" severity="portability" msg="Assigning a pointer to an integer is not portable. ... >
<error id="incompleteArrayFill" severity="warning" msg="Array 'buffer' is filled incompletely. ... >
<error id="returnLocalVariable" severity="error" msg="Pointer to local array variable returned. ... >
<results>

Proposal, should result in:

• Portability: Assigning a pointer to an integer is not portable.
• Warning: Array 'buffer' is filled incompletely.
• Error: Pointer to local array variable returned.

Regards,
Günter

The analysis terminates in an uncontrolled way. A better solution is to log a warning and continue.
Samples:
Exception in thread "main" org.sonar.batch.bootstrapper.BootstrapException: org.sonar.api.utils.SonarException: Cannot feed the data into sonar, details: 'com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog
at [row,col
{unknown-source}]: [1,0]'
at org.sonar.runner.Runner.delegateExecution(Runner.java:210)
at org.sonar.runner.Runner.execute(Runner.java:84)
at org.sonar.runner.Main.main(Main.java:67)
Caused by: org.sonar.api.utils.SonarException: Cannot feed the data into sonar, details: 'com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog
at [row,col {unknown-source}

To effectively use the sslr parser, all include files should be available during parsing (at the expense of speed). This rule is meant to aid users on detecting missing include directories during project setup and later after developers added additional include files into their source.
The rule should have a severity of info since as its more related with the plugin configuration rather than a real problem in the code

The java analysis has a nice feature to scan source code commends for well-known tags ToDo, FixMe, etc. and this shall also be available for CXX plugin.
This extension will be very helpful.

Pc-lint violations with line 0 is only logged as "PCLint warning ignored: ..." and is not saved as a violation in Sonar.
If my analysis is correct this is due to the following:

There is a check in the method processReport in CxxPCLintReportSensor that checks if a line in a pc-lint violation is 0.

If it is 0 then a log entry is created and then just continous to process the next violation.

This check is needed due to that the saveViolation method in CxxReportSensor requires the line to be greater than 0 since it calls

Violation.create(rule, resource).setLineId(line).setMessage(msg);

Hi,

Would be nice if plugin would also support Visual Studio Code Coverage reports.

Regards

Hi,

Wondering why the code checkers are own sensors with own configuration properties?
Why they are not all implemented via cxxexternal and a transformation?
What was the design decision behind this?

Regards,
Günter

The LCOM metric, which was previously implemented on top of the broken (and now removed) CDT-AST infrastructure, has to be reimplemented now on top of SSLR.
Note: it doesnt need to be a Sensor, all we need is probably an according AST-visitor, which gets injected in the Squid-Sensor.
Its probably a good idea to look for an existing RFC-on-SSLR implementation in the Sonar universe and use it as a template.

The same preprocessor warnings are repeated frequently during the analysis of a single project. A warning shall only be written once which makes the result more valuable.

10:02:30.992 WARN  - Error evaluating expression '', assuming 0
10:02:37.706 WARN  - Error evaluating expression '', assuming 0
10:02:40.000 WARN  - [extern\i586-WinNT5.01\include\boost\mpl\aux_\include_preprocessed.hpp:37]: cannot find the sources for '#   include BOOST_PP_STRINGIZE(boost/mpl/aux_/preprocessed/AUX778076_PREPROCESSED_HEADER)'
10:02:41.911 WARN  - [extern\i586-WinNT5.01\include\boost\utility\result_of.hpp:199]: cannot parse included filename: BOOST_PP_ITERATE_BOOST_PP_INC(0)'
10:02:41.911 WARN  - [extern\i586-WinNT5.01\include\boost\utility\result_of.hpp:199]: cannot find the sources for '#include BOOST_PP_ITERATE()'
10:02:44.457 WARN  - Cannot decode the number '0xffffffffffffffffu' falling back to max long (9223372036854775807) instead
10:02:44.594 WARN  - [extern\i586-WinNT5.01\include\boost\function.hpp:64]: cannot parse included filename: BOOST_PP_ITERATE_BOOST_PP_INC(0)'
10:02:44.594 WARN  - [extern\i586-WinNT5.01\include\boost\function.hpp:64]: cannot find the sources for '#  include BOOST_PP_ITERATE()'
10:02:46.325 WARN  - [extern\i586-WinNT5.01\include\boost\mpl\list.hpp:36]: cannot find the sources for '#   include BOOST_PP_STRINGIZE(boost/mpl/list/AUX778076_LIST_HEADER)'
10:02:46.767 WARN  - [extern\i586-WinNT5.01\include\boost\mpl\vector.hpp:36]: cannot find the sources for '#   include BOOST_PP_STRINGIZE(boost/mpl/vector/AUX778076_VECTOR_HEADER)'
10:02:47.372 WARN  - Error evaluating expression '( ( ( ( ( ( ) / 100 ) % 100 ) % 100 ) * 10000000 ) + ( ( ( 0 ) % 100 ) * 100000 ) + ( ( 0 ) % 100000 ) )', assuming 0
10:02:47.394 WARN  - Error evaluating expression '( ( ( ( ( ( ) / 100 ) % 100 ) % 100 ) * 10000000 ) + ( ( ( 0 ) % 100 ) * 100000 ) + ( ( 0 ) % 100000 ) )', assuming 0
10:02:47.853 WARN  - [extern\i586-WinNT5.01\include\mc3inc\MERGECOM.H:74]: cannot find the sources for '#include <sys/socket.h>'
10:02:53.143 WARN  - Error evaluating expression '', assuming 0
10:02:59.861 WARN  - Error evaluating expression '', assuming 0
10:03:02.177 WARN  - [extern\i586-WinNT5.01\include\boost\mpl\aux_\include_preprocessed.hpp:37]: cannot find the sources for '#   include BOOST_PP_STRINGIZE(boost/mpl/aux_/preprocessed/AUX778076_PREPROCESSED_HEADER)'
10:03:04.090 WARN  - [extern\i586-WinNT5.01\include\boost\utility\result_of.hpp:199]: cannot parse included filename: BOOST_PP_ITERATE_BOOST_PP_INC(0)'
10:03:04.090 WARN  - [extern\i586-WinNT5.01\include\boost\utility\result_of.hpp:199]: cannot find the sources for '#include BOOST_PP_ITERATE()'
10:03:06.734 WARN  - Cannot decode the number '0xffffffffffffffffu' falling back to max long (9223372036854775807) instead
10:03:06.881 WARN  - [extern\i586-WinNT5.01\include\boost\function.hpp:64]: cannot parse included filename: BOOST_PP_ITERATE_BOOST_PP_INC(0)'
10:03:06.881 WARN  - [extern\i586-WinNT5.01\include\boost\function.hpp:64]: cannot find the sources for '#  include BOOST_PP_ITERATE()'
10:03:08.674 WARN  - [extern\i586-WinNT5.01\include\boost\mpl\list.hpp:36]: cannot find the sources for '#   include BOOST_PP_STRINGIZE(boost/mpl/list/AUX778076_LIST_HEADER)'
10:03:09.217 WARN  - [extern\i586-WinNT5.01\include\boost\mpl\vector.hpp:36]: cannot find the sources for '#   include BOOST_PP_STRINGIZE(boost/mpl/vector/AUX778076_VECTOR_HEADER)'
10:03:09.929 WARN  - Error evaluating expression '( ( ( ( ( ( ) / 100 ) % 100 ) % 100 ) * 10000000 ) + ( ( ( 0 ) % 100 ) * 100000 ) + ( ( 0 ) % 100000 ) )', assuming 0
10:03:09.952 WARN  - Error evaluating expression '( ( ( ( ( ( ) / 100 ) % 100 ) % 100 ) * 10000000 ) + ( ( ( 0 ) % 100 ) * 100000 ) + ( ( 0 ) % 100000 ) )', assuming 0
10:03:17.721 WARN  - Error evaluating expression '', assuming 0
10:03:24.484 WARN  - Error evaluating expression '', assuming 0
10:03:26.787 WARN  - [extern\i586-WinNT5.01\include\boost\mpl\aux_\include_preprocessed.hpp:37]: cannot find the sources for '#   include BOOST_PP_STRINGIZE(boost/mpl/aux_/preprocessed/AUX778076_PREPROCESSED_HEADER)'

The current version is not able to recover from parsing errors. This results in the necessity to set up the projects accurately, providing all the include path and macro information, which may be quite tedious for real world projects.

The ability to recover from simple error conditions would increase the amount of code which can be analyzed out-of-the-box and ease the life of the user considerably.

The if expression in the following snippet

#define FOOBAR 1
#define CHECK(a, b) (( a ## b + 1 == 2))
#if CHECK(FOO , BAR)
#endif

will currently be evaluated to false. GCC does behave differently.
Cannot find evidence in the standard for which behavior is the proper one.

wenns, 27.12.2013: Right now, the module doesn't support multi-module configurations. To get there we have to:

• Think about lookup locations of reports (should they still be lookup'ed relative to the project's root, or relative to the module's root, or both?)
• (Apparently) replace ProjectFileSystem by ModuleFileSystem
• Add a sample which demonstrates a multi-module setup.

In multiproject configurations it problably tries to find related sources not in project's basedir relative directory, but some levels upper.
For me small fix did the job:

CxxReportSensor::saveViolation
file = project.getFileSystem().getBasedir().getPath() + File.separator + file;
org.sonar.api.resources.File resource =
        org.sonar.api.resources.File.fromIOFile(new File(file), project);

In the rules profiles its possible to define "Category", this category is used in the new technical debt calculation. It should be possible to update the plugin to use also the technical model. We will start categorizing these rules in the next weeks, so we can provide a initial implementation for this

Hello,

This is a request to add violations without source code dependency.

Background is, that we are using analyzer generating project violations without source code or line information. We have the need to assign this violations to the project.

As an example - Clirr plugin does this: http://docs.codehaus.org/display/SONAR/Clirr+Plugin

context.saveViolation(Violation.create(activeRule,
resource).setMessage(violation.getMessage()));

This needs to be handled to all sensors, not only for the external sensor. I think at least the pc-lint also reports violations at project level.

See also
http://sonarqube.15.x6.nabble.com/Possible-to-add-violations-without-source-code-dependency-tp5014779.html

Regards

Request to support Microsoft specific modifiers.
Other possibility is to define/remove them with macros and defines.

Some examples:

Microsoft-Specific Modifiers
http://msdn.microsoft.com/en-us/library/6bh0054z.aspx

• __based The name that follows declares a 32-bit offset to the 32-bit base contained in the declaration.
• __cdecl The name that follows uses the C naming and calling conventions.
• __declspec The name that follows specifies a Microsoft-specific storage-class attribute (http://msdn.microsoft.com/en-us/library/dabb5z75.aspx).
• __fastcall The name that follows declares a function that uses registers, when available, instead of the stack for argument passing.
• __restrict Similar to __declspec(restrict), but for use on variables.
• __stdcall The name that follows specifies a function that observes the standard calling convention.
• __w64 Marks a data type as being larger on a 64-bit compiler.
• __unaligned Specifies that a pointer to a type or other data is not aligned..
• __vectorcall The name that follows declares a function that uses registers, including SSE registers, when available, instead of the stack for argument passing.

The following calling conventions are supported by the Visual C/C++ compiler.
http://msdn.microsoft.com/en-us/library/984x0h58.aspx

• __cdecl Pushes parameters on the stack, in reverse order (right to left)
• __clrcall Load parameters onto CLR expression stack in order (left to right).
• __stdcall Pushes parameters on the stack, in reverse order (right to left)
• __fastcall Stored in registers, then pushed on stack
• __thiscall Pushed on stack; this pointer stored in ECX
• __vectorcall Stored in registers, then pushed on stack in reverse order (right to left)

Obsolete Calling Conventions (http://msdn.microsoft.com/en-us/library/wda6h6df.aspx):

• __pascal, __fortran, and __syscall

Near and Far Type Declarations

• __near, __far

Violations that pc-lint has created just to fulfil the MISRA 2004 and 2008 standard is merged into just four ID:s.
Two for required rules and two for advisory rules.
This results in that you need to drill down to each source code file to see what MISRA rules has been violated.
Solution:
Add unique MISRA 2004 and 2008 rules for PC-lint.
(All MISRA 2004 and 2008 rules that is supported by PC-lint shall be added, http://www.gimpel.com/html/misra.htm)
-Add remap feature of MISRA 2004 and 2008 violations into new sonar rules for better granularity.
-Add unit tests for MISRA parsing for testing the new remap feature

What could be the problem here ??
Below the logfile trace.
OS: Ubuntu 12.04.3 LTS (Updated)

2013.12.24 12:40:18 INFO o.s.a.Connectors HTTP connector is enabled on port 9000
2013.12.24 12:40:18 INFO o.a.c.h.Http11Protocol Initializing ProtocolHandler ["http-bio-0.0.0.0-9000"]
2013.12.24 12:40:18 INFO o.a.c.c.StandardService Starting service Tomcat
2013.12.24 12:40:18 INFO o.a.c.c.StandardEngine Starting Servlet Engine: Apache Tomcat/7.0.42
2013.12.24 12:40:19 INFO o.a.c.s.ContextConfig No global web.xml found
2013.12.24 12:40:20 INFO o.s.s.p.ServerImpl SonarQube Server / 4.0 / 2145d0b3cf5d8148b9a29ce3d186b725a0648185
2013.12.24 12:40:20 INFO o.s.c.p.Database Create JDBC datasource for jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true
2013.12.24 12:40:23 INFO o.s.s.p.DefaultServerFileSystem SonarQube home: /opt/sonar
2013.12.24 12:40:23 INFO o.s.s.p.DefaultServerFileSystem Deploy dir: /opt/sonar/web/deploy
2013.12.24 12:40:23 INFO org.sonar.INFO Install plugins...
2013.12.24 12:40:23 ERROR o.s.s.p.PlatformLifecycleListener Fail to start server
java.lang.IllegalStateException: Unable to read plugin manifest from jar : /opt/sonar/extensions/plugins/sonar-cxx-plugin-0.9.jar
<------>at org.sonar.updatecenter.common.PluginManifest.(PluginManifest.java:115) ~[sonar-update-center-common-1.8.jar:na]
<------>at org.sonar.core.plugins.PluginInstaller.extractMetadata(PluginInstaller.java:109) ~[sonar-core-4.0.jar:na]
<------>at org.sonar.server.plugins.PluginDeployer.registerPlugin(PluginDeployer.java:102) ~[PluginDeployer.class:na]
<------>at org.sonar.server.plugins.PluginDeployer.loadUserPlugins(PluginDeployer.java:97) ~[PluginDeployer.class:na]
<------>at org.sonar.server.plugins.PluginDeployer.start(PluginDeployer.java:72) ~[PluginDeployer.class:na]
<------>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_27]
<------>at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.6.0_27]
<------>at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.6.0_27]
<------>at java.lang.reflect.Method.invoke(Method.java:622) ~[na:1.6.0_27]
<------>at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.invokeMethod(ReflectionLifecycleStrategy.java:110) ~[picocontainer-2.14.3.jar:na]
<------>at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.start(ReflectionLifecycleStrategy.java:89) ~[picocontainer-2.14.3.jar:na]
<------>at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84) ~[picocontainer-2.14.3.jar:na]
<------>at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169) ~[picocontainer-2.14.3.jar:na]
<------>at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132) ~[picocontainer-2.14.3.jar:na]
<------>at org.picocontainer.behaviors.Stored.start(Stored.java:110) ~[picocontainer-2.14.3.jar:na]
<------>at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1015) ~[picocontainer-2.14.3.jar:na]
<------>at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1008) ~[picocontainer-2.14.3.jar:na]
<------>at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:766) ~[picocontainer-2.14.3.jar:na]
<------>at org.sonar.api.platform.ComponentContainer.startComponents(ComponentContainer.java:91) ~[sonar-plugin-api-4.0.jar:na]
<------>at org.sonar.server.platform.Platform.startDatabaseConnectors(Platform.java:245) ~[Platform.class:na]
<------>at org.sonar.server.platform.Platform.init(Platform.java:193) ~[Platform.class:na]
<------>at org.sonar.server.platform.PlatformLifecycleListener.contextInitialized(PlatformLifecycleListener.java:35) ~[PlatformLifecycleListener.class:na]
<------>at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4939) ~[tomcat-embed-core-7.0.42.jar:7.0.42]
<------>at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5434) ~[tomcat-embed-core-7.0.42.jar:7.0.42]
<------>at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ~[tomcat-embed-core-7.0.42.jar:7.0.42]
<------>at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559) ~[tomcat-embed-core-7.0.42.jar:7.0.42]
<------>at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549) ~[tomcat-embed-core-7.0.42.jar:7.0.42]
<------>at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) ~[na:1.6.0_27]
<------>at java.util.concurrent.FutureTask.run(FutureTask.java:166) ~[na:1.6.0_27]
<------>at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146) ~[na:1.6.0_27]
<------>at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) ~[na:1.6.0_27]
<------>at java.lang.Thread.run(Thread.java:701) ~[na:1.6.0_27]
Caused by: java.util.zip.ZipException: error in opening zip file
<------>at java.util.zip.ZipFile.open(Native Method) ~[na:1.6.0_27]
<------>at java.util.zip.ZipFile.(ZipFile.java:132) ~[na:1.6.0_27]
<------>at java.util.jar.JarFile.(JarFile.java:151) ~[na:1.6.0_27]
<------>at java.util.jar.JarFile.(JarFile.java:115) ~[na:1.6.0_27]
<------>at org.sonar.updatecenter.common.PluginManifest.(PluginManifest.java:110) ~[sonar-update-center-common-1.8.jar:na]
<------>... 31 common frames omitted
<-- Wrapper Stopped

In an earlier version of the CXX plugin, the coverage analyzer would log a warning message if it encountered a file in the gcovr report that it didn't know about. That has been changed to the debug level, causing silent failures unless running at log level debug. This should be a warning or error, since it is not likely to be what the person running the analysis expects.

The latest updates of sonar-cxx-plugin-0.2-SNAPSHOT create more exceptions than sonar-cxx-plugin-0.1
Exception in thread "main" org.sonar.batch.bootstrapper.BootstrapException: java.lang.IllegalArgumentException: Can't set empty/null name.
at org.sonar.runner.Runner.delegateExecution(Runner.java:210)
at org.sonar.runner.Runner.execute(Runner.java:84)
at org.sonar.runner.Main.main(Main.java:67)
Caused by: java.lang.IllegalArgumentException: Can't set empty/null name.
at org.sonar.plugins.cxx.ast.cpp.impl.internal.CommonName.validateString(CommonName.java:67)
at org.sonar.plugins.cxx.ast.cpp.impl.internal.CommonName.(CommonName.java:34)
at org.sonar.plugins.cxx.ast.cpp.impl.internal.CommonType.(CommonType.java:32)
at org.sonar.plugins.cxx.ast.cpp.impl.CppMethodArgument.(CppMethodArgument.java:37)
at org.sonar.plugins.cxx.ast.visitors.CxxCppMethodArgumentVisitor.leave(CxxCppMethodArgumentVisitor.java:61)
at org.eclipse.cdt.internal.core.dom.parser.cpp.CPPASTParameterDeclaration.accept(CPPASTParameterDeclaration.java:103)
at org.sonar.plugins.cxx.ast.visitors.CxxCppClassMethodVisitor.visit(CxxCppClassMethodVisitor.java:61)
at org.eclipse.cdt.internal.core.dom.parser.cpp.CPPASTParameterDeclaration.accept(CPPASTParameterDeclaration.java:90)
at org.eclipse.cdt.internal.core.dom.parser.cpp.CPPASTFunctionDeclarator.postAccept(CPPASTFunctionDeclarator.java:219)
at org.eclipse.cdt.internal.core.dom.parser.cpp.CPPASTDeclarator.accept(CPPASTDeclarator.java:186)
at org.eclipse.cdt.internal.core.dom.parser.cpp.CPPASTSimpleDeclaration.accept(CPPASTSimpleDeclaration.java:99)
at org.sonar.plugins.cxx.ast.visitors.CxxCppClassVisitor.visit(CxxCppClassVisitor.java:79)
at org.eclipse.cdt.internal.core.dom.parser.cpp.CPPASTSimpleDeclaration.accept(CPPASTSimpleDeclaration.java:89)
at org.eclipse.cdt.internal.core.dom.parser.cpp.CPPASTCompositeTypeSpecifier.accept(CPPASTCompositeTypeSpecifier.java:180)
at org.sonar.plugins.cxx.ast.visitors.CxxCppTranslationUnitVisitor.visit(CxxCppTranslationUnitVisitor.java:58)
at org.eclipse.cdt.internal.core.dom.parser.cpp.CPPASTCompositeTypeSpecifier.accept(CPPASTCompositeTypeSpecifier.java:163)
at org.eclipse.cdt.internal.core.dom.parser.cpp.CPPASTSimpleDeclaration.accept(CPPASTSimpleDeclaration.java:96)
at org.eclipse.cdt.internal.core.dom.parser.ASTTranslationUnit.accept(ASTTranslationUnit.java:283)
at org.sonar.plugins.cxx.ast.CxxCppParsedFile.(CxxCppParsedFile.java:51)
at org.sonar.plugins.cxx.ast.CxxCppParser.parseFile(CxxCppParser.java:60)
at org.sonar.plugins.cxx.cohesion.CxxCohesionSensor.parseFile(CxxCohesionSensor.java:56)
at org.sonar.plugins.cxx.utils.CxxFileSensor.analyse(CxxFileSensor.java:48)
at org.sonar.batch.phases.SensorsExecutor.execute(SensorsExecutor.java:64)
at org.sonar.batch.phases.Phases.execute(Phases.java:93)
at org.sonar.batch.bootstrap.ProjectModule.doStart(ProjectModule.java:139)
at org.sonar.batch.bootstrap.Module.start(Module.java:83)
at org.sonar.batch.bootstrap.BatchModule.analyze(BatchModule.java:131)
at org.sonar.batch.bootstrap.BatchModule.doStart(BatchModule.java:121)
at org.sonar.batch.bootstrap.Module.start(Module.java:83)
at org.sonar.batch.bootstrap.BootstrapModule.doStart(BootstrapModule.java:121)
at org.sonar.batch.bootstrap.Module.start(Module.java:83)
at org.sonar.batch.Batch.execute(Batch.java:104)
at org.sonar.runner.Launcher.executeBatch(Launcher.java:79)
at org.sonar.runner.Launcher.execute(Launcher.java:73)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.sonar.runner.Runner.delegateExecution(Runner.java:207)
... 2 more

This is a pre-condition to migrate Java-plugin checks. Unfortunately a large number of the current unit tests have to be adapted.
I think we can remove the Vera++ sensor and replace it with checks after this was done.

New versions of CppCheck are available and some rules were updated/added.
The attached rules shall be added to \sonar-cxx-plugin\src\main\resources\cppcheck.xml file.

After running cppcheck, RATS, and cppncss, I still can't seem to get total number of classes to be generated using the C++ plugin. I would have thought cppncss was going to do this.
This may be a user configuration issue on my side, but I'm not sure.

The property sonar.cxx.defines is there to inject macros into the analysis. This doesnt work anymore since Sonar 3.7.x for macros with parameters, because commas cannot be escaped. Example:

sonar.cxx.defines=MACRO(a,b) body, MACRO2(a, b) body2

would not be processed correctly because the escaping of commas with backslashes stopped working.