A C&C++ tour of SonarLint for VS Code

by abbas sabra and geoffray adde|

    VS Code has been gaining popularity for C and C++ development. We are happy to announce that finally, we will be able to help you write clean C and C++ code in VS Code.

    In this blog post, we will take you on a quick tour to discover the essentials of SonarLint for VS Code. We hope you enjoy the ride!

    All you need is a Compilation Database

    That’s all it takes to configure the analysis. Compilation databases are pretty standard. So, you may already generate one for your project. If not, here are a few hints to help.

    You can configure your compilation database in 3 ways:

    • By using the SonarLint notification
    • Through SonarLint embedded action
    • By manually assigning the `sonarlint.pathToCompileCommands` option in the settings to the full path of the compilation database.

    You can also use the SonarLint embedded action to switch quickly between different configurations.

    VSCode SonarLint C++ project configuration

    It is alive!

    SonarLint is alive. It is constantly watching your code for you. It automatically analyzes your code as you type and raises issues as soon as they are detected.
    All the relevant information and fixes are there when you need them. No need to ask for them; they come to you.

    VSCode SonarLint C++ code analysis as-you-code

    The rule

    The first step to fixing an issue is understanding its corresponding rule.
    For certain rules, the title is enough to understand the rule; for others, you may want to get more information. Here, SonarLint helps you by making the rule description quickly accessible from the issue. The description contains the motivation behind the rule, examples of code breaking the rule, and good ways to fix the code.

    VSCode SonarLint C++ rule description

    The issue

    Once the rule is clear, you can see where and how the issue unfolds in your code. Understanding the issue can quickly become complex in some cases:

    • If the issue depends on a hidden context, for example, a function prototype written in another file.
    • When the issue describes a path-sensitive bug where you have to understand a long cross-functional control flow, for example, when a `nullptr` is initialized in one function and dereferenced in another. 

    To solve this problem, SonarLint provides multiple issue locations when needed.

    VSCode SonarLint C++ issue with locations

    … and the fix

    Finally, comes the time to fix the issue. SonarLint helps you by showing you how to write fixes. As explained earlier, all rules have generic fix suggestions in their description.
    Quick fixes are also available to fix issues automatically for specific rules and situations. They allow you to learn while coding, making you faster in fixing and improving your code.

    VSCode SonarLint C++ quick fix

    That’s all, folks!

    Of course, there is more to SonarLint; there are many other features for you to discover, for example:

    • Rule enabling and disabling
    • Connected mode to SonarQube and SonarCloud. This allows synchronizing which rules run and what issues are shown in your SonarLint, allowing a developer team to share clean code information and practices straight in their IDE.

    To get started, check out our technical documentation. Also, If you use other IDEs to write C or C++, SonarLint is waiting for you in CLion, Eclipse, and Visual Studio, too.

    If you run into any issues or would like to provide feedback, please reach out to us on our community forum.