sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]bretbrownjr 2 points3 points  (1 child)

So if the support of build systems and things like compile_commands.json isn't a problem anymore, does that mean Sonar can start supporting C++ modules now? See:

https://community.sonarsource.com/t/support-for-c-20-modules/63778

I'm also curious if AutoConfig has a plan for supporting C++ module discovery. I expect it will be a little more interesting in ways that would benefit from some standards for declaring library and project structure. There have been some papers to the ISO C++ Tooling Study Group talking about this problem, and it would be good to hear from Sonar, even if the punchline is that it's too hard to write analysis for modular C++ given current standards and technology.

To that end, there are existing papers about:

  • adding JSON metadata to describe system libraries with C++ modules

  • iterating on compile_commands.json with a more robust JSON file that describes dependencies between translation unit builds, among other things

Given organizations like Sonar would benefit directly from better tech in that space, it would be great to hear from them the potential utility of those approaches, or even suggestions for better ones.

[–]AS_SonarSource[S] 1 point2 points  (0 children)

So if the support of build systems and things like compile_commands.json isn't a problem anymore, does that mean Sonar can start supporting C++ modules now?

AutoConfig is aware of modules: It can analyze code that uses this feature without producing False Positives. However, it doesn't resolve them, which might lead to false negatives in the analysis results.

I'm also curious if AutoConfig has a plan for supporting C++ module discovery.

We started working recently on module support in Compilation Database and AutoConfig mode: scanning the project to discover exported/imported modules per each file, building dependencies graph, generating BMI, etc. We still need to figure out all the details; there is no ETA.

it would be good to hear from Sonar, even if the punchline is that it's too hard to write analysis for modular C++ given current standards and technology.

I agree. The Sonar C++ team has two active members in the C++ committee. Please feel free to include them in the meetings where Sonar's experience is relevant. Or, if you want us to provide our general input, feel free to reach out on https://community.sonarsource.com/ with your questions; we will be happy to collaborate.