Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cgo: cannot integrate with sonarcloud #56706

Open
KantarBruceAdams opened this issue Nov 11, 2022 · 4 comments
Open

cgo: cannot integrate with sonarcloud #56706

KantarBruceAdams opened this issue Nov 11, 2022 · 4 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Backlog

Comments

@KantarBruceAdams
Copy link

I have been adding support for static analysis using sonar to all our repositories including those containing go.
I have fun into a problem with the use of cgo - see https://community.sonarsource.com/t/how-to-handle-cgo/75610

sonar supports vanilla go just fine but is confused by C files that are compiled using cgo directives.

It supports two ways to get information about C files.

  1. A build wrapper which acts a bit like strace and traps build commands
    or
  2. It can import compile-commands.json files produced by for example CMake when compiling C or C++ code.

Neither of these work with cgo (see linked sonar issue for details).
As a workaround I have to compile C files some other way and pass that information to sonar.

Obviously this is a limitation/bug in sonar and not golang.

I am raising it here as relates to interoperating with third party tools.
This is not a bug report but might lead possibly lead to feature request.

I think perhaps the tool suite needs something that will list C source files consumed as part of the build.
One solution would be something that generates a well known format like for example "compile-commands.json"
or which could be used to contruct one.

In #36995 (comment)
the suggestion is made to use go build -x or go list --json

Neither provide information about the C files consumed by cgo in a useful form.
(Although interestingly both quote warnings produced by the compiler).

Although cgo seems to use the host C compiler under the hood for this (on my linux box it uses gcc libraries anyway) it is not as simple "gcc " so it is not picked up by the build-wrapper.
Likewise the names of the C source files do not appear in go list --json

Grepping for // #include "my_c_file.c"
is not sufficient as it does not take #includes in the included file into account.

What version of Go are you using (go version)?

1.17

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOHOSTARCH="amd64"
GOHOSTOS="linux"
@seankhliao
Copy link
Member

go list has

        CFiles          []string   // .c source files
        CXXFiles        []string   // .cc, .cxx and .cpp source files

@KantarBruceAdams
Copy link
Author

go list has

        CFiles          []string   // .c source files
        CXXFiles        []string   // .cc, .cxx and .cpp source files

This does not appear for me. How is it supposed to work?

@KantarBruceAdams KantarBruceAdams mentioned this issue Nov 11, 2022
Closed
@ianlancetaylor
Copy link
Contributor

Unfortunately I don't think that will help. The CFiles field will include files that are part of the package source code. It won't include files that are generated by cgo.

But what might work is setting CC to a program that does whatever sonar needs and also compiles the file via the usual C compiler.

@mknyszek mknyszek added this to the Backlog milestone Nov 11, 2022
@mknyszek mknyszek added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Nov 11, 2022
@mknyszek
Copy link
Contributor

CC @golang/compiler @golang/runtime

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
4 participants
@mknyszek @ianlancetaylor @seankhliao @KantarBruceAdams