CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy
APACHE-2.0 License
Published by gyorb almost 7 years ago
--include
flags shouldn't be skipped during analysis #1237Published by whisperity almost 7 years ago
--enable-all
given to check
was not passed through to analyze
. (#1163)http://
or https://
should use port 80
and 443
respectively, if an explicit port is not given. (#1146, #1150, #1175)session_config.json
file is malformed. (#1151)Published by gyorb almost 7 years ago
CodeChecker cmd diff
) can generate HTML files with bug path #748clang-tidy
hash was incorrectly generated in some cases which caused some false new reports shown in diff view #1114All Reports
view #1118Remove cppcoreguidelines-pro-type-vararg
from the sensitive profile #1080
Two checkers are conflicting and causing the analyzer to hang, until the checkers are fixed
we removed the checker from the sensitive profile so it will not be enabled implicitly.
Published by gyorb almost 7 years ago
CodeChecker analyze
does not show analysis errors when it only re-analyze files #1043parse
command.misc-string-compare
checker was changed from HIGH to LOW #1058Published by gyorb about 7 years ago
CodeChecker parse
command. These HTML files contain the full control-flow path of the detected bugs. They can be viewed off-line without accessing the CodeChecker server or sent in an email. #1034CodeChecker cmd diff
can be called for multiple runs. That is your results in the report directory can be compared against multiple runs using wildcards. #978default
, sensitive
, extreme
. #907--saargs
and --tidyargs
parameters should not be used for cross-compilation anymore. #995CodeChecker cmd sum
command error #1004CodeChecker cmd sum
report uniqueing #1025CodeChecker cmd sum
get statistics only for the specified run names #1026CodeChecker check
command did not work properly when it was called without output directory #992Published by bruntib about 7 years ago
Published by whisperity about 7 years ago
CodeChecker 6.0 brings a huge amount of improvements to the CodeChecker infrastructure. This new major release sets forth a new direction aimed to increase the usability and effectiveness of CodeChecker as a code analysis and defect triaging system.
This new major release changed the infrastructure in a way that your current CodeChecker usage might no longer be applicable.
5
is not usable. You'll need to reanalyze your project.CodeChecker store
and cmd
subcommands now take --url
instead of --host
, --port
as per the product system, to specify on which server and in which product the commands should be executed on. For example instead of CodeChecker store --host localhost --port 8555 -n run_name
you should use CodeChecker store --url localhost:8555/Default
The check
command which wrapped over log
-analyze
-store
has been dropped. quickcheck
has been renamed to check
. An extra argument, --quiet
has been introduced to analyze
which silences analyzer output from the standard output. (#882)
analyze
now supports incremental analysis, in which the subsequent analyses of the project updates the contents of the OUTPUT_DIR
folder, without duplicating plist
files, or requiring the user to do a full analysis. (#719)--add-compiler-defaults
option detects compilation target and gcc
include directories, thus cross-compilation can be auto-detected. If --saargs
or --tidyargs
were used for the analyze sub-command to specify (cross) compilation target or include directories, they can now be replaced by a simple --add-compiler-defaults
switch, which will auto-detect these compiler settings. (#921)CodeChecker analyze
now takes an optional --capture-analysis-output
argument which makes successful analyzer invocations' output to be saved into the OUTPUT_DIR
. (#802)checkers
sub-command has been unified to the new structure, so CodeChecker checkers
now does the same as codechecker-checkers
did since version 5.8. (#856)check
command which wrapped over log
-analyze
-store
has been dropped. quickcheck
has been renamed to check
. An extra argument, --quiet
has been introduced to analyze
which silences analyzer output from the standard output. (#882)store
call finds this bug again, the status will change to unresolved, and will stay there, until the bug disappears from the analyzer output. In this moment, the status will be resolved. If a resolved bug ever appears again in the analyzer results, its status will change to reopened. A reopened bug can turn resolved or unresolved in the next check depending on its status.CodeChecker server
instance. These are separate databases each containing analysis results, managed in a new "configuration database", which is specified in the server's command-line. (#773)store
calls with the same run name can now be tagged, e.g. to point out which version of the project was used. (#885)CodeChecker
subcommands now take --url
instead of --host
, --port
as per the product system, to specify on which server and in which product the results should be stored to. (#773)CodeChecker cmd sum
sub-command now prints a more detailed breakdown on what reports are found per a particular checker. (#870)CodeChecker cmd suppress
now can only be used to import suppression data into a server. (#768)CodeChecker cmd
subcommands now take --url
instead of --host
, --port
as per the product system, to specify on which server and in which product the commands should be executed on. (#773, #873)--name
. (#856)HTTPS
. (#899)Published by whisperity about 7 years ago
The v5.10
version brings Cross--Translation-Unit analysis support to CodeChecker, along with minor bug fixes and usability improvements.
CTU is an experimental feature not yet introduced to release versions of Clang which will enable more accurate static analysis via the ability of finding code across the entire project. You can retrieve a version of Clang that is CTU-capable from Ericsson's clang fork.
To support the easy usage of CTU analysis, CodeChecker has been extended to invoke the analyzer in a CTU-compatible way.
CodeChecker analyze
now take the argument --ctu
which enables the analysis. These arguments are only available if the Clang on the system has CTU analysis capabilities.
zip
archive.CodeChecker server --stop-all
not being usable.CodeChecker server
ignoring the --sqlite
argument and always using the workspace's ~/.codechecker/codechecker.sqlite
as database.PATH
environment variable.Published by whisperity over 7 years ago
Release 5.9
brings new improvements and changes for an easier, more secure use to CodeChecker.
Previously, to store
analysis results, you needed to provide a database connection. This has been changed for both a more easier and secure usage model, which no longer requires having to know and input database credentials. A CodeChecker server
is now needed by CodeChecker store
to connect to and store runs in the database it is connected to. Because of this the command-line invocation has changed!, as follows:
CodeChecker server
needs to be started before analysis results can be stored to the database, i.e. before executing store
or check
commands.--dbaddress
, --dbport
, --dbusername
, --dbname
, --sqlite
, and --postgresql
) have been removed from check
and store
.--host
and --port
is to be used to specify which CodeChecker server accepts and stores the analysis results.CodeChecker cmd login
before calling store
or check
if your server is password protected.
log
, analyze
and store
separately, or configure your server for a longer timeout.CodeChecker cmd diff
allows diffing a run on a server and a local report folder containing plist
files.
CodeChecker cmd diff --basename release --newname ~/my_analyze_output --new
will show reports introduced in your local folder without having to store
your results to a CodeChecker server.CodeChecker cmd diff
shows the source code line where the bug was found in its output.CodeChecker store
unable to import any useful information from a report folder that did not contain metadata files alongside the plist
s.CodeChecker debug
has been removed.Published by gyorb over 7 years ago
The new release comes with many new features and bug fixes/improvements.
For a more detailed list of changes see the v5.8 milestone.
The v5.8 release tag was changed because some bug fixes we wanted to put into 5.8.
Please update the git tags if you use them. Sorry for the inconvenience.
check
, server
...)log
(only to generate a compile command json file)analyze
(run the analysis (clangsa, clang-tidy) and generate plist reports)parse
(parse the generated plist reports and print them to the stdout)store
(process the generated plist reports and store them to a database)misc-misplaced-widening-cast
misc-throw-by-value-catch-by-reference
Published by gyorb over 7 years ago
This is a bug fix release no new features were added.
See milestone for further details.
Published by gyorb almost 8 years ago
If you checked your project with the same run name multiple times just to update the results you might realized that some of the results were not removed or updated. This release should fix this problem but to work properly you might need to remove all the existing results and reanalyze your project.
--add-compiler-defaults
flagPublished by gyorb almost 8 years ago
_Many bugfixes, usability improvements and source cleanup._
Published by gyorb about 8 years ago
Published by gyorb about 8 years ago
Some improvements worth to mention:
Published by gyorb over 8 years ago
Published by gyorb over 8 years ago
Major changes:
New Features:
Bug fixes:
Improved documentation
Published by gyorb almost 9 years ago
New release with many bug fixes and new features.
Some highlights:
Published by gyorb almost 9 years ago
With the new 5.0 version we switched to rolling release.
Automatic database upgrades are supported to newer schema versions.
Published by dkrupp about 9 years ago
New features compared to 3.0