Start Free
10.6 | Analyzing source code | Languages | C/C++/Objective-C | Customizing the analysis

Was this page helpful?

Customizing the analysis

On this page

Language-specific properties

Discover and update the C/C++/Objective-C specific properties in Administration > General Settings > Languages > C/C++/Objective-C.

Analyzing test files

The scanner property sonar.tests is utilized to pinpoint the directories that contain test source files. Recognizing these test files aids the analyzers in adjusting their rules accordingly. For instance, analyzers can activate rules specific to tests and deactivate those not applicable in a testing context.

Currently, the CFamily analyzer treats main and test source files identically. As a result, the sonar.tests scanner property is not supported at this time and is disregarded by the analyzer.

To analyze test source files, they should be incorporated into the sonar.sources scanner property. In that case, please note that the test code is considered part of the overall code and counts toward the license usage.​​

Quality profiles

  • Like all other languages supported by SonarQube, C, C++, and Objective-C come with the "Sonar way" profile. This is Sonar's recommended profile, designed to fit most projects.
  • We also provide the "Mission critical" quality profile for C++. It is our recommendation for modern C++ development (C++17 and beyond) for mission-critical software. It is based on MISRA C++ 2023 and trades more constraints on your code for more code safety.

Targeted C++ standard

The analyzer targets a specific version of the C++ language to tune the rules in the activated quality profile. This reporting standard is used to:

  • Suppress rules that cannot be applied. For example, the rules that suggest using C++20 features while compiling the code with C++17.
  • Adjust rules' messages to suggest the proper fix according to the used standard. For example, a rule that suggests using std::ranges::any_of with C++20 will be tuned to suggest using std::any_of with an older standard.

In Compilation Database mode, the reporting standard defaults to the version used to compile the code. This is ideal for most projects. However, there are some edge cases where there is a need to use a reporting standard different from the compilation standard. For this reason, we provide the following scanner property to adjust the reporting standard:

sonar.cfamily.reportingCppStandardOverride=c++98|c++11|c++14|c++17|c++20|c++23

This property is only recommended for use in cases where a project has to comply with a standard older than the one it is compiled with. This can happen if:

  • The compiler doesn't allow setting a specific standard. For example, MSVC doesn't allow specifying a standard older than C++14.
  • The project wants to be compiled with the latest standard while still complying with an older one.

In AutoConfig mode, the reporting standard defaults to the latest version. In this case, we recommend setting the property if the project needs to comply with an older standard.

AutoConfig-specific properties

While AutoConfig mode automatically deduces the low-level configurations, optionally tuning some high-level configurations can be beneficial to force the analysis of specific project variants and improve its analysis quality. Those high-level configurations can be tuned through settings AutoConfig-specific properties that fall into four categories: custom preprocessor, custom analysis target, custom includes directories, and forcing a C++ language standard.

  • Set a custom preprocessor to tune which parts of the code are analyzed and which features macros are enabled or disabled.
  • Set custom targets to tune the size of types and inform the analyzer about the environment the project aims to run on. This can be especially useful for embedded projects with custom architecture.
  • Set custom includes directories to inform the analyzer about the project's private dependencies that are not part of the project directory. This can improve the quality of the analysis. By default, AutoConfig can simulate dependencies that are part of the analyzed project codebase and popular public dependencies. Note that the analysis logs contain the list of top missing dependencies.
  • Override the default C++ language standard if the project needs to comply with a standard other than the latest.

If you're interested in understanding the context in which your project is analyzed, you can activate a feature that generates a JSON file. This JSON file groups the computed analysis configuration for each analyzed C and C++ file in the project.

You can find more on those settings and how to set them in the project administration settings. From the project homepage, go to Project Settings > General Settings > Languages > C/C++/Objective-C > AutoConfig Analysis Settings.

While it is recommended and easier to set these properties from the UI, they can be set from the scanner side. For example, in sonar-project.properties:

# Set a multiline custom preprocessor to disable C++ exceptions and define a `custom_macro` to 1
sonar.cfamily.customPreprocessor=#undef __cpp_exceptions\n#define custom_macro 1\n

# Set custom targets, possible values are listed in the UI
# This is equivalent to Clang command line argument: "-target aarch64-pc-linux-gnu"
sonar.cfamily.customTargetArch=aarch64
sonar.cfamily.customTargetVendor=pc
sonar.cfamily.customTargetSystem=linux
sonar.cfamily.customTargetEnv=gnu

# Set comma-seperated relative or absolute custom includes directories for C and C++
sonar.cfamily.customCIncludes="/absolutePath/Cdir1","relativePath/Cdir2"
sonar.cfamily.customCppIncludes="/absolutePath/CPPdir1","relativePath/CPPdir2"

# Override the default C++ language standard with c++14
sonar.cfamily.reportingCppStandardOverride=c++14

Note that you don’t need to worry about these properties by default. An analysis quality score is computed and printed as part of the analysis log. The score represents the percentage of the Analysis scope that the analyzer understood. A UI warning is raised when the quality score is considered too low, suggesting providing the AutoConfig-specific properties or moving from AutoConfig to Compilation Database mode.

Analysis Cache

The C/C++/Objective-C analyzer uses the analysis cache mechanism to perform incremental analysis. 

Incremental analysis is activated by default and uses server cache storage. It's possible to change the cache storage to the local file system.

You should consider changing the cache storage to the local filesystem when:

  • The server cache size becomes a concern.
  • You want to optimize the cache lifecycle based on your project workflow.
    In particular, if you have long-living pull request branches, you may want to persist the cache for each pull request analysis.

With the filesystem cache, you define a path to the cache. The analyzer loads the cache provided in this directory at the beginning of the analysis and overwrites it at the end. Persisting this directory at the end of the analysis, and loading the cache of the most relevant analysis at the beginning becomes the responsibility of the CI configuration. For example, for the first analysis of a pull request branch, a good option is usually to load the target branch cache to the location of the pull request branch analysis cache.

To configure the filesystem cache:

  1. Set the sonar.cfamily.analysisCache.mode property to fs (filesystem) on your CI/CD host (the default value is server for server-side cache). See the corresponding SonarScanner section for more information about the setup methods.
  2. To set the path to the cache, use the sonar.cfamily.analysisCache.path property in your CI process configuration.

Parallel code scan

By default, the analyzer tries to parallelize the analysis of compilation units; it spawns as many jobs as the machine's logical CPUs allow.

If required, the number of scheduled parallel jobs can be customized by configuring the property sonar.cfamily.threads=n at the scanner level, where n is an integer indicating the maximum number of parallel jobs.

You should consider setting the sonar.cfamily.threads property only when the desired number of logical CPUs cannot be detected automatically. A typical example is when the analysis should not consume all the available computing resources to leave room for other tasks running in parallel on the same machine.

When setting the sonar.cfamily.threads property, you should set it to a value less or equal to the number of logical CPUs available. Over-committing doesn't accelerate the analysis and can even slow it down.

Analyzing several code variants

In Compilation Database mode, you can analyze different variants of the very same version of your code (different target architectures, different build options, etc) and see aggregated results on the server. All variants are analyzed in the same environment and during the same analysis. We do not support analyzing two variants requiring the code to be built on two different machines.

You should define two properties:

  • sonar.cfamily.variants.names, which contains a comma-separated list of the names of all the variants that need to be analyzed.
  • sonar.cfamily.variants.dir, which contains a path to a folder with one subfolder per variant. Each subfolder should contain a compile_commands.json file.

These properties are mutually exclusive with sonar.cfamily.compile-commands.

The following example defines three variants:

sonar.projectKey=myFirstProject
sonar.projectName=My First C++ Project
sonar.projectVersion=1.0
sonar.sources=src
sonar.cfamily.variants.names=Linux x64,Linux ARM,Linux ARM64
sonar.cfamily.variants.dir=compilation-databases
sonar.sourceEncoding=UTF-8
sonar.host.url=YourSonarQubeURL

And the folder structure should look like this:

Project root

|- compilation-databases

|  |- Linux ARM

|  |  |- compile_commands.json

|  |- Linux ARM64

|  |  |- compile_commands.json

|  |- Linux x64

|  |  |- compile_commands.json

...

Data from all variants will usually be aggregated when analyzing code for several variants. For instance, a particular issue was present in the previous configuration in Linux ARM and Linux ARM64 but not in Linux x64.

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License