cannot find the sources for '#include <stdio.h>', ' ' is not declared as multi-values/property set

[spaceneurocruzz]

I tried to use SonarQube with C#, and it works out fine. Now I would like to try it on C, so I add the sonar-c-plugin into my SonarQube(docker), as the tutorial said. However, I kept encountering the problem when running sonar scanner.

My version is:

• c plugin version 1.1.0
• SonarQube version 7.1
• Sonar Scanner 3.2.0.1227
• Environment: Win7 and Ubuntu 16.4 (both tried, and failed)

Source code file:

#include <stdio.h>

int main(void)
{
	printf("hello world");
}

Command:
C:\SonarScannerC\bin\sonar-scanner.bat -Dsonar.scm.disabled=true -X

Log:

14:31:11.766 INFO: Sensor C (Community) SquidSensor [c]
14:31:11.788 WARN: Property 'sonar.c.includeDirectories' is not declared as multi-values/property set but was read using 'getStringArray' method. The SonarQube plugin declaring this property should be updated.
14:31:11.789 WARN: Property 'sonar.c.forceIncludes' is not declared as multi-values/property set but was read using 'getStringArray' method. The SonarQube plugin declaring this property should be updated.
14:31:11.789 WARN: Property 'sonar.c.cFilesPatterns' is not declared as multi-values/property set but was read using 'getStringArray' method. The SonarQube plugin declaring this property should be updated.
14:31:11.848 DEBUG: global settings for: 'C:\src\new\main.c'
14:31:11.850 DEBUG: Parse 'C:\src\new\main.c' as C file, ends in '*.c'
14:31:11.856 WARN: [C:\src\new\main.c:1]: cannot find the sources for '#include <stdio.h>'
14:31:11.867 DEBUG: API File: main.c
14:31:11.867 DEBUG: Header file suffixes: [.h]
14:31:11.868 DEBUG: finished preprocessing 'C:\src\new\main.c'
14:31:11.878 DEBUG: 'main.c' generated metadata  with charset 'x-windows-950'
14:31:11.883 DEBUG: Not enough content in 'main.c' to have CPD blocks, it will not be part of the duplication detection 
14:31:11.896 DEBUG: CxxFileLinesVisitor: '/C:/src/new/main.c'
14:31:11.897 DEBUG:    lines:           '6'
14:31:11.897 DEBUG:    executableLines: '[5]'
14:31:11.897 DEBUG:    linesOfCode:     '[3, 5]'
14:31:11.898 DEBUG:    linesOfComments: '[]'

sonar-scanner.properties:
(I tried to add lib it said "cannot find" as possible)

Win7: sonar.c.library.directories=C:\MinGW\include

Ubuntu: sonar.c.includeDirectories=/usr/include,/usr/include/x86_64-linux-gnu,/usr/include/c++/5/tr1,/usr/include/linux,/usr/include/c++/5

In the end, it said EXECUTION SUCCESS. There are codes pushed on SonarQube but there's no result analysis on it.
Could you please help me figure it out?

Thanks a lot!

[ivangalkin]

Hi @spaceneurocruzz and thank you for reaching out,

there are several aspects related to your issue:

Why you don't see any results:

1. your code example doesn't contain any errors, so obviously there will be no issues raised on the corresponding project. Does the SonarQube UI visualizes the source code or your project (http://sonarserver/ -> ProjectName -> "Code" tab). If no - you have some general setup problems. You might want to take a look at

• https://docs.sonarqube.org/display/SONAR/Analysis+Parameters
• https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Supported-configuration-properties

2. sonar-cxx implements several static code analysis rules. Similar to other SonarQube plugins this internal analyzer is called "SquidSensor". The rules of "SquidSensor" as well as of other sensors are disable by default in sonar-cxx (there are too many of them). In order to enable them you have to follow these steps

• create a copy of the default "C++ (Community)" profile (http://sonarserver/profiles -> C++ (Community) -> SonarWay -> gear-wheel -> Copy -> name you custom profile e.g. like "ProjectName Way")
• activate relevant rules in "ProjectName Way" profile (http://sonarserver/coding_rule -> QualityProfiles -> Choose "ProjectName Way" -> Choose inactive on the same line -> Repositories -> here you will see one repository per sonar-cxx's sensor -> the rules of SquidSensor are (misleadingly) called "c++ SonarQube" -> activate rules you are interested in)
• Activated rules are now applied to each analysis you will run in the future

3. the number and the scope of SquidSensor is very limited, so the preferred way to analyze the C/C++ code with sonar-cxx is to

• choose one or may external static / dynamic code analyzer(s) from the supported list https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Running-tools
• activate relevant rules for the corresponding sensor(s) (similar to activating rules for the "SquidSensor")
• run an external static / dynamic code analyzer over your project
• import its reports by means of corresponding properties (again please see https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Running-tools)

I would highly recommend you to use external tools instead of SquidSensor.

**Why you see the the missing-include warning:
The warnings like cannot find the sources for '#include ...' have to disappear after you set the properties sonar.cxx.includeDirectories or sonar.cxx.jsonCompilationDatabase. However this warning doesn't affect the SquidSensor much and doesn't affect external sensors at all. So for the beginning please just ignore it.

We will take a look at the issue with the system includes.

[ivangalkin]

I forgot to mention, that the warnings like...

14:31:11.788 WARN: Property 'sonar.c.includeDirectories' is not declared as multi-values/property set but was read using 'getStringArray' method. The SonarQube plugin declaring this property should be updated.

... doesn't affect the functionality. These warnings are caused by SonarQube API update. There is already an open issues for that #1384

[spaceneurocruzz]

@ivangalkin Many thanks for your prompt reply.
Now I was able to have analysis results on Sonarqube using external tool to produce xml report for the scanner.
From the installation wiki, I didn't realize in the beginning that it requires the need of activating SquidSensor or external analyzing tools.

[ivangalkin]

@spaceneurocruzz I am glad it helped
@guwirth do we have to update the documentation?

[guwirth]

@ivangalkin think first sentence is saying that you have to run external tools?
https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Running-the-analysis

But feel free to improve the documentation. Think our docu is not the best at the moment.

[ivangalkin]

@spaceneurocruzz's quote:

From the installation wiki, I didn't realize in the beginning that it requires the need of activating SquidSensor or external analyzing tools.

We write about rules activation in the release notes, but I believe this part is missing in the documentation indeed.

[guwirth]

@ivangalkin: https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Running-the-analysis

The C++ Community plugin won't execute neither test runners nor coverage tracers nor static checkers itself. All this data has to be provided in form of reports. See Running tools.

Or what exact is missing?

[ivangalkin]

@guwirth https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Upgrade-Instructions

Ensure that a rule is enabled if you get no results. In new SQ versions the default profile is read-only. The cxx plugin does not enable all rules per default.

As far as I see the part about rules activation is mentioned in the upgrade instruction only. Neither running-the-analysis nor running-tools do contain information about the activation of sensor-specific rules