Recent Releases of codechecker

codechecker -

  • Install "requests" Python dependency #4596
  • [fix] Fix migration logging #4597
  • [fix] Add global view permission requirement for viewing products #4608
  • [feat] Sync group permissions with login provider to prevent out-of-sync groups. #4610
  • [fix] Significant speed-up for createactionsmap and start_workers #4611
  • Fix SeverityIcon color error #4618
  • [fix] Blank page on invalid session token #4622
  • [fix] Personal access token name fix #4628

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.26.0...v6.26.1

- Python
Published by bruntib 11 months ago

codechecker - v6.26.0

:star2: Highlights

OAuth2-based Single Sign-On Authentication

CodeChecker now provides OAuth2-based user authentication through various providers. You can now configure your CodeChecker server instance to accept user logins with Google, Microsoft or GitHub accounts. To enable this feature, first configure your CodeChecker server instance with the corresponding OAuth provider and add a new authentication method section to the CodeChecker server configuration file. If user group memberships are managed by a Microsoft Entra identity server, CodeChecker fetches these memberships through the Graph API.

See the CodeChecker authentication document for configuration details.

The feature was implemented in the following PRs:

  • Implementation of Oauth of Github, Google and Microsoft by @feyruzb in https://github.com/Ericsson/codechecker/pull/4298
  • integrated signum fetching and using it as optional username by @feyruzb in https://github.com/Ericsson/codechecker/pull/4517
  • Add paging to the graph API query by @dkrupp in https://github.com/Ericsson/codechecker/pull/4532

Personal Access Token Management

Personal access tokens are generated "passwords" which can be used to log in to CodeChecker. If Multi-Factor Authentication is enabled, they are the only way to authenticate through the CLI.

  • Personal access tokens can now be created in the GUI too, not only through the CLI.
  • The token management page is accessible by clicking your user name in the top right corner.

:exclamation: Backward incompatible changes

  • Personal access tokens can no longer be viewed after creation. Previously it was possible to list the values of personal access tokens after creation; from this version on, a token value can be viewed only once, at creation time.

:computer: CLI/Server improvements

  • Cache _containsnointrinsicheaders and thus speedup parse_options ~2x by @irishrover in https://github.com/Ericsson/codechecker/pull/4479
  • [analyzer] debug_analyzer log level for analyzer commands by @bruntib in https://github.com/Ericsson/codechecker/pull/4473
  • [cmd] Emit errors instead of hiding flags by @Szelethus in https://github.com/Ericsson/codechecker/pull/4465
  • fix(report-converter): Support null column in eslint reports by @SweetVishnya in https://github.com/Ericsson/codechecker/pull/4497
  • [NFC] Eliminate the "W" form of clang-tidy warnings by @bruntib in https://github.com/Ericsson/codechecker/pull/4438
  • [fix] Unique key constraint violation fix by @bruntib in https://github.com/Ericsson/codechecker/pull/4505
  • [bugfix] Don't crash if clangsa binary is missing by @Szelethus in https://github.com/Ericsson/codechecker/pull/4531
  • Fix serving Bad request pages in case of some HTTP errors by @Discookie in https://github.com/Ericsson/codechecker/pull/4506
  • [feat] Display announcement message in the CLI by @noraz31 #4535
  • Personal access token by @bruntib in https://github.com/Ericsson/codechecker/pull/4540
  • [fix] Bug report bubble display bugfix by @bruntib in https://github.com/Ericsson/codechecker/pull/4480
  • [analyzer] Add --use-absolute-ldpreload-path flag to log command by @gamesh411 in https://github.com/Ericsson/codechecker/pull/4518
  • [fix] Apply heuristics when diagtool comes with version number by @bruntib in https://github.com/Ericsson/codechecker/pull/4515
  • Fix CSP when HTTPS is not enabled on the server by @Discookie in https://github.com/Ericsson/codechecker/pull/4544
  • [feat] Add JSCPD report converter by @noraz31 in https://github.com/Ericsson/codechecker/pull/4530
  • [bugfix] Pass the correct interpreter from bin/CodeChecker to the analyzers by @Szelethus in https://github.com/Ericsson/codechecker/pull/4558
  • [fix][report-converter] Fix hash where file was pulled from report instead of event. by @jstevens176 in https://github.com/Ericsson/codechecker/pull/4403
  • Utilize personal access token expiration date by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4551
  • Add OAuth templates, simplify OAuth configuration flow by @Discookie in https://github.com/Ericsson/codechecker/pull/4559
  • [ld_logger] Fix suffix match on non-absolute paths by @bruntib in https://github.com/Ericsson/codechecker/pull/4577
  • [feat] Implement configurable Personal Access Token expiry by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4567
  • Fix return_to directive when the user is already logged in by @Discookie in https://github.com/Ericsson/codechecker/pull/4582
  • Restrict the SQL database creation to the config directory by @Discookie in https://github.com/Ericsson/codechecker/pull/4521
  • Only respond to valid endpoints on the frontend by @Discookie in https://github.com/Ericsson/codechecker/pull/4588
  • [feat][server] Make personal access token max expiration length configurable by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4590
  • Ensure the compiler has no L18Ned output by @cmorty in https://github.com/Ericsson/codechecker/pull/4562
  • [fix] Fix missing default value for max pers auth token. by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4593
  • [feat] Check if file path is absolute or not in gerrit py. by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4594

:hammer: Other

  • [fix] Adding run filter to router query by @cservakt in https://github.com/Ericsson/codechecker/pull/4495
  • [fix] Display chronological order in GUI by @bruntib in https://github.com/Ericsson/codechecker/pull/4512
  • fixed url strip error by @feyruzb in https://github.com/Ericsson/codechecker/pull/4516
  • [fix] Rename cmd modules to avoid conflict with built-in cmd by @gamesh411 in https://github.com/Ericsson/codechecker/pull/4464
  • E2E tests are flaky (fix) by @xb058t in https://github.com/Ericsson/codechecker/pull/4493
  • Make username-password login hidable by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4537
  • Simplify oauth interface by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4539
  • [fix] dead links, typos etc. in the documentation by @NagyDonat in https://github.com/Ericsson/codechecker/pull/4526
  • Fix a legacy mistake in the test by @irishrover #4543
  • Fix issues in documentation by @gulyasgergely902 #4542
  • Add OWASP Top 10 guideline by @noraz31 in https://github.com/Ericsson/codechecker/pull/4482
  • Add chronological order column to exported HTML report by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4553
  • Add 6.26.0 release notes to the New Features menu by @noraz31 in https://github.com/Ericsson/codechecker/pull/4556
  • Check shown file when rendering error message by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4557
  • Fix a code duplication by @irishrover in https://github.com/Ericsson/codechecker/pull/4548
  • [feat] Return custom message in cli upon failed authentication by @noraz31 in https://github.com/Ericsson/codechecker/pull/4546
  • feat(script): Support label-tool-skip directive labels by @whisperity in https://github.com/Ericsson/codechecker/pull/4274
  • [refactor] Make analyzer and checker options typed by @bruntib in https://github.com/Ericsson/codechecker/pull/4566
  • [gui] Conditionally hide timestamp, test case and chronological order by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4574
  • Fix bug path node coloring by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4561
  • [fix][server] Fix announcement message cannot be edited as superuser by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4578
  • [fix] Fix the flaky tests for personal access token expiration by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4583
  • [fix] Emit error message when SQLite DB is not under workspace dir by @bruntib in https://github.com/Ericsson/codechecker/pull/4584
  • [fix] Demote product not found errors to debug in the CC logs by @noraz31 in https://github.com/Ericsson/codechecker/pull/4587
  • Extended tests for OAuth by @feyruzb in https://github.com/Ericsson/codechecker/pull/4533

:deciduous_tree: Environment

  • [tools] bump sarif-tools version from 1.0.0 to 3.0.4 by @AlexFabre in https://github.com/Ericsson/codechecker/pull/4466
  • [fix] Fix missing CCLIBDIR when dev_package is used by @Szelethus in https://github.com/Ericsson/codechecker/pull/4513
  • [test] GitHub actions upgrade to 24.04 by @bruntib in https://github.com/Ericsson/codechecker/pull/4524
  • Moving authlib to the mandatory requirements by @dkrupp in https://github.com/Ericsson/codechecker/pull/4522
  • [version] Bump python version to 3.9 by @pdgendt in https://github.com/Ericsson/codechecker/pull/4550
  • [docs] README.md install guide fix apt install by @barnabasdomozi in https://github.com/Ericsson/codechecker/pull/4570
  • Document API endpoints by @Discookie in https://github.com/Ericsson/codechecker/pull/4572
  • [cfg] Update clang-tidy, clangsa and cppcheck configurations by @gamesh411 in https://github.com/Ericsson/codechecker/pull/4568
  • [cfg] Add unix.cstring.NotNullTerminated to default profile by @gamesh411 in https://github.com/Ericsson/codechecker/pull/4576
  • Thrift upgrade by @bruntib in https://github.com/Ericsson/codechecker/pull/4581
  • [doc] Update checkerandanalyzer_configuration.md by @NagyDonat in https://github.com/Ericsson/codechecker/pull/4579
  • removing clang-diagnostic-implicit-void-ptr-cast from the sensitive p… by @dkrupp in https://github.com/Ericsson/codechecker/pull/4580
  • Add Thrift 0.22.0 dockerfile & add ws* to gitignore by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4585
  • [3pp] Upgrade portalocker version: 2.2.1 -> 3.1.1 by @bruntib in https://github.com/Ericsson/codechecker/pull/4586
  • Remove alpha checkers from all profiles by @bruntib in https://github.com/Ericsson/codechecker/pull/4589
  • Add plist documentation by @noraz31 in https://github.com/Ericsson/codechecker/pull/4565
  • Configure UTF-8 output encoding globally by @gamesh411 in https://github.com/Ericsson/codechecker/pull/4463

New Contributors

  • @AlexFabre made their first contribution in https://github.com/Ericsson/codechecker/pull/4466
  • @SweetVishnya made their first contribution in https://github.com/Ericsson/codechecker/pull/4497
  • @xb058t made their first contribution in https://github.com/Ericsson/codechecker/pull/4493
  • @gulyasgergely902 made their first contribution in https://github.com/Ericsson/codechecker/pull/4537
  • @NagyDonat made their first contribution in https://github.com/Ericsson/codechecker/pull/4526
  • @barnabasdomozi made their first contribution in https://github.com/Ericsson/codechecker/pull/4570
  • @cmorty made their first contribution in https://github.com/Ericsson/codechecker/pull/4562

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.25.1...v6.26.0

- Python
Published by bruntib 12 months ago

codechecker - v6.26.0-rc1

:star2: Highlights

OAuth2-based Single Sign-On Authentication

CodeChecker now provides OAuth2-based user authentication through various providers. You can now configure your CodeChecker server instance to accept user logins with Google, Microsoft or GitHub accounts. To enable this feature, first configure your CodeChecker server instance with the corresponding OAuth provider and add a new authentication method section to the CodeChecker server configuration file. If user group memberships are managed by a Microsoft Entra identity server, CodeChecker fetches these memberships through the Graph API.

See the CodeChecker authentication document for configuration details.

The feature was implemented in the following PRs:

  • Implementation of Oauth of Github, Google and Microsoft by @feyruzb in https://github.com/Ericsson/codechecker/pull/4298
  • integrated signum fetching and using it as optional username by @feyruzb in https://github.com/Ericsson/codechecker/pull/4517
  • Add paging to the graph API query by @dkrupp in https://github.com/Ericsson/codechecker/pull/4532

Personal Access Token Management

Personal access tokens are generated "passwords" which can be used to log in to CodeChecker. If Multi-Factor Authentication is enabled, they are the only way to authenticate through the CLI.

  • Personal access tokens can now be created in the GUI too, not only through the CLI.
  • The token management page is accessible by clicking your user name in the top right corner.

:exclamation: Backward incompatible changes

  • Personal access tokens can no longer be viewed after creation. Previously it was possible to list the values of personal access tokens after creation; from this version on, a token value can be viewed only once, at creation time.

:computer: CLI/Server improvements

  • Cache _containsnointrinsicheaders and thus speedup parse_options ~2x by @irishrover in https://github.com/Ericsson/codechecker/pull/4479
  • [analyzer] debug_analyzer log level for analyzer commands by @bruntib in https://github.com/Ericsson/codechecker/pull/4473
  • [cmd] Emit errors instead of hiding flags by @Szelethus in https://github.com/Ericsson/codechecker/pull/4465
  • fix(report-converter): Support null column in eslint reports by @SweetVishnya in https://github.com/Ericsson/codechecker/pull/4497
  • [NFC] Eliminate the "W" form of clang-tidy warnings by @bruntib in https://github.com/Ericsson/codechecker/pull/4438
  • [fix] Unique key constraint violation fix by @bruntib in https://github.com/Ericsson/codechecker/pull/4505
  • [bugfix] Don't crash if clangsa binary is missing by @Szelethus in https://github.com/Ericsson/codechecker/pull/4531
  • Fix serving Bad request pages in case of some HTTP errors by @Discookie in https://github.com/Ericsson/codechecker/pull/4506
  • [feat] Display announcement message in the CLI by @noraz31 #4535

:hammer: Other

  • [fix] Adding run filter to router query by @cservakt in https://github.com/Ericsson/codechecker/pull/4495
  • [fix] Display chronological order in GUI by @bruntib in https://github.com/Ericsson/codechecker/pull/4512
  • fixed url strip error by @feyruzb in https://github.com/Ericsson/codechecker/pull/4516
  • [fix] Rename cmd modules to avoid conflict with built-in cmd by @gamesh411 in https://github.com/Ericsson/codechecker/pull/4464
  • E2E tests are flaky (fix) by @xb058t in https://github.com/Ericsson/codechecker/pull/4493
  • Make username-password login hidable by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4537
  • Simplify oauth interface by @gulyasgergely902 in https://github.com/Ericsson/codechecker/pull/4539
  • [fix] dead links, typos etc. in the documentation by @NagyDonat in https://github.com/Ericsson/codechecker/pull/4526
  • Fix a legacy mistake in the test by @irishrover #4543
  • Fix issues in documentation by @gulyasgergely902 #4542

:deciduous_tree: Environment

  • [tools] bump sarif-tools version from 1.0.0 to 3.0.4 by @AlexFabre in https://github.com/Ericsson/codechecker/pull/4466
  • [fix] Fix missing CCLIBDIR when dev_package is used by @Szelethus in https://github.com/Ericsson/codechecker/pull/4513
  • [test] GitHub actions upgrade to 24.04 by @bruntib in https://github.com/Ericsson/codechecker/pull/4524

New Contributors

  • @AlexFabre made their first contribution in https://github.com/Ericsson/codechecker/pull/4466
  • @SweetVishnya made their first contribution in https://github.com/Ericsson/codechecker/pull/4497
  • @xb058t made their first contribution in https://github.com/Ericsson/codechecker/pull/4493
  • @gulyasgergely902 made their first contribution in https://github.com/Ericsson/codechecker/pull/4537
  • @NagyDonat made their first contribution in https://github.com/Ericsson/codechecker/pull/4526

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.25.1...v6.26.0-rc1

- Python
Published by bruntib about 1 year ago

codechecker - v6.25.1

  • Add OWASP Top 10 guideline #4482
  • [fix] Bug report bubble display bugfix #4480

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.25.0...v6.25.1

- Python
Published by bruntib about 1 year ago

codechecker - 6.25.0

:star2: Highlights

Guideline Statistics page under the statistics tab to generate SEI Cert and CWE Top 25 Compliance reports

A new Guideline Statistics page is added under the statistics tab to generate SEI Cert Compliance reports.

This page shows the compliance of an analyzed program to a coding guideline (such as SEI Cert C/C++). It shows all checkers corresponding to a guideline rule, their configuration status (on/off) and all outstanding and closed reports per guideline rule.

The table can be generated in HTML and CSV format.

The first supported guidelines are SEI Cert C and C++ and CWE Top 25.

Facebook Infer as a new C/C++ analyzer plugin

Besides clang-tidy, clang static analyzer, cppcheck and gcc, Facebook Infer is a well-known open-source static code analyzer tool: https://github.com/facebook/infer

CodeChecker will support executing this analyzer. It will not be enabled by default, but is available for testing.

PVS Studio report conversion

From now on, it will be possible to convert the reports of the PVS-Studio analyzer (https://pvs-studio.com/en/pvs-studio/) and handle them with CodeChecker. See: PVS-Studio Static Code Analyzer support by @feeelin in https://github.com/Ericsson/codechecker/pull/4356

:exclamation: Backward incompatible changes

  • Resolve checker enable/disable ambiguity by @noraz31 in #4377 and by @cservakt in #4392. CodeChecker analyze emits an error (instead of a warning) when the enabled checkers, profiles or checker prefix groups are given ambiguously. In these cases the ambiguity must be resolved. For example, the CodeChecker analyze -e security command is ambiguous, because security is both a checker group (all checkers starting with security.) and a profile. Specify CodeChecker -e prefix:security explicitly if you mean the prefix group, or profile:security if you mean the security profile.

CodeChecker -e clang-diagnostic-format will give an error, because it is ambiguous whether the user means the single clang-diagnostic-format checker or all checkers starting with clang-diagnostic-format. To refer to the former, the user must use checker:clang-diagnostic-format; to refer to the latter, prefix:clang-diagnostic-format.

If you have such clashing cases, you must resolve them. The following namespaces can be used:

    • prefix: - to match checkers starting with a prefix
    • profile: - to match a checker profile
    • checker: - to match a single checker
    • guideline: - to match checkers belonging to a guideline
    • severity: - to match checkers belonging to a given severity

  • The skip file handling changed! Adding a --drop-reports-from-skipped-files parameter to analyze by @dkrupp in https://github.com/Ericsson/codechecker/pull/4332. After this patch, skip files only skip the analysis of the listed files and no longer filter out any reports. This may result in more reports than before. By default, CodeChecker used to filter out all reports from files on the skip list. This can hide true positive reports that start in unskipped code and end in skipped files (typical with CTU and header-related findings). This patch removes the default report-filtering post-processing step from the CodeChecker analyze --skip SKIPFILE operation. The legacy functionality is still available with the --drop-reports-from-skipped-files parameter.

  • guideline:sei-cert cannot be used anymore. The sei-cert guideline profile was split to guideline:sei-cert-c for the C guideline and guideline:sei-cert-cpp for the C++ guideline. #4400

  • The CodeChecker -e W* syntax is not supported anymore. Clang warnings only appear as clang-diagnostic-* checkers and they can be enabled using the standard checker on/off mechanism, e.g. CodeChecker analyze -e clang-diagnostic-unused-function.

  • The --saargs, --tidyargs and --cppcheckargs flags are now deprecated. The corresponding analyzer configuration option should be used instead, e.g. --analyzer-config clangsa:cc-verbatim-args-file=<filename>. The old flags are still working, but will be converted to the new form under the hood.
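
The backward incompatible changes above can be checked mechanically in CI scripts before upgrading. The following audit script is an added example, not code from CodeChecker: the checker and profile inventory and the sample command lines are constructed, and the finding codes (AMBIGUOUS, W_SYNTAX and so on) are hypothetical labels.

```python
import shlex

# Constructed sample inventory (assumption): replace with the checker and
# profile names reported by your own CodeChecker installation.
KNOWN_CHECKERS = {
    "security.insecureAPI.gets",
    "clang-diagnostic-format",
    "clang-diagnostic-format-security",
    "clang-diagnostic-unused-function",
}
KNOWN_PROFILES = {"default", "sensitive", "extreme", "security"}

NAMESPACES = ("prefix:", "profile:", "checker:", "guideline:", "severity:")
DEPRECATED_ARG_FLAGS = {"--saargs", "--tidyargs", "--cppcheckargs"}
# -e/--enable and -d/--disable both take a checker, profile or prefix name.
CHECKER_FLAGS = {"-e", "--enable", "-d", "--disable"}


def interpretations(name):
    """List every way a bare (un-namespaced) name can be read."""
    found = []
    if name in KNOWN_CHECKERS:
        found.append("checker:" + name)
    # A prefix group ends at a separator: "security" covers "security.x".
    if any(c.startswith(name) and c[len(name):][:1] in (".", "-")
           for c in KNOWN_CHECKERS):
        found.append("prefix:" + name)
    if name in KNOWN_PROFILES:
        found.append("profile:" + name)
    return found


def audit_command(command):
    """Return (code, subject, hint) findings for one CodeChecker command line.

    The finding codes are hypothetical labels used only by this example.
    """
    tokens = shlex.split(command)
    findings = []
    for i, tok in enumerate(tokens):
        if tok in DEPRECATED_ARG_FLAGS:
            findings.append(("DEPRECATED_ARGS", tok,
                             "use --analyzer-config, e.g. "
                             "clangsa:cc-verbatim-args-file=<filename>"))
        if tok not in CHECKER_FLAGS or i + 1 >= len(tokens):
            continue
        arg = tokens[i + 1]
        if arg == "guideline:sei-cert":
            findings.append(("SEI_CERT_SPLIT", arg,
                             "guideline:sei-cert-c or guideline:sei-cert-cpp"))
        elif arg.startswith(NAMESPACES):
            continue  # already explicit, nothing to resolve
        elif arg.startswith("W") and arg not in KNOWN_CHECKERS:
            findings.append(("W_SYNTAX", arg,
                             "enable the clang-diagnostic-* checker instead"))
        else:
            choices = interpretations(arg)
            if len(choices) > 1:
                findings.append(("AMBIGUOUS", arg, " or ".join(choices)))
    # --skip no longer filters reports unless the legacy flag is also given.
    if "--skip" in tokens and "--drop-reports-from-skipped-files" not in tokens:
        findings.append(("SKIP_SEMANTICS", "--skip",
                         "reports from skipped files are no longer dropped"))
    return findings


# Constructed sample CI command lines.
SAMPLE_COMMANDS = [
    "CodeChecker analyze compile_commands.json -o reports -e security",
    "CodeChecker analyze compile_commands.json -e clang-diagnostic-format",
    "CodeChecker analyze compile_commands.json -e Wunused-function "
    "--saargs sa_args.txt --skip skipfile",
    "CodeChecker analyze compile_commands.json -e guideline:sei-cert",
    "CodeChecker analyze compile_commands.json -e profile:security "
    "-e guideline:sei-cert-c --skip skipfile "
    "--drop-reports-from-skipped-files",
]

if __name__ == "__main__":
    for cmd in SAMPLE_COMMANDS:
        print(cmd)
        for finding in audit_command(cmd) or [("OK", "", "")]:
            print("   ", *finding)
```
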

:bug: Analyzer improvements

  • [fix] Resolve checker enable/disable ambiguity #4392
  • [fix] Don't capture cc1 by the logger. by @bruntib in https://github.com/Ericsson/codechecker/pull/4300
  • Add -mmitigate-rop to ignored options by @noraz31 in https://github.com/Ericsson/codechecker/pull/4295
  • Removing alpha checkers from the security profile so it can be used in production by @dkrupp in https://github.com/Ericsson/codechecker/pull/4284
  • [analyzer] Adds -fno-freestanding to ignored GCC compiler flags by @ArchieAtkinson in https://github.com/Ericsson/codechecker/pull/4281
  • [analyzer] Disable clang-diagnostic-error checker by @cservakt in https://github.com/Ericsson/codechecker/pull/4325
  • [analyzer] Ignore -fno-printf-return-value by @pdgendt in https://github.com/Ericsson/codechecker/pull/4329
  • [analyzer] Fb infer by @stt08 in https://github.com/Ericsson/codechecker/pull/4257
  • [feat] Introduce cc-verbatim-args-file @bruntib https://github.com/Ericsson/codechecker/pull/4456

:computer: CLI/Server improvements

  • Fix trim-path-prefix functionality in HTML export by @dkrupp #4387
  • Automatic addition of database before connecting to it by @feyruzb #4316
  • Resolve paths when blaming files by @tomhughes #4357
  • Fix the endpoint parsing issue by @dkrupp in 8953b30f
  • Removing the root user creation by @dkrupp in 3bb2cbf6
  • [feat] Adding report annotation for json export by @cservakt in https://github.com/Ericsson/codechecker/pull/4380
  • [fix] Get product configuration with view permission by @bruntib in https://github.com/Ericsson/codechecker/pull/4375
  • CodeChecker authentication fixed by @dkrupp in https://github.com/Ericsson/codechecker/pull/4369
  • [fix] Forwarding --ctu-ast-mode to analyze command by @bruntib in https://github.com/Ericsson/codechecker/pull/4341
  • [fix] Better SQL SELECT instead of a timeout query by @bruntib in https://github.com/Ericsson/codechecker/pull/4363
  • Speeding up store by removing nested query by @dkrupp in https://github.com/Ericsson/codechecker/pull/4358
  • Environment initialization for binaries by @dkrupp in https://github.com/Ericsson/codechecker/pull/4337
  • [fix] Missing analyzer error by @cservakt in https://github.com/Ericsson/codechecker/pull/4330
  • [fix] Don't reset PATH in Cppcheck plugin by @bruntib in https://github.com/Ericsson/codechecker/pull/4320
  • [feat] Implicit include paths added with -idirafter by @bruntib in https://github.com/Ericsson/codechecker/pull/4315
  • Revert "[analyzer] Use absolute path to logger.so in LD_PRELOAD" by @dkrupp in https://github.com/Ericsson/codechecker/pull/4314
  • [cmd] Checker name prefixes are meant along separator characters by @bruntib in https://github.com/Ericsson/codechecker/pull/4311
  • [fix] Support joker characters at annotation filter by @bruntib in https://github.com/Ericsson/codechecker/pull/4306
  • Analyzer binary dependent environment by @dkrupp in https://github.com/Ericsson/codechecker/pull/4305
  • [fix] Minor fixing for statistics tabs by @cservakt in https://github.com/Ericsson/codechecker/pull/4304
  • [fix] Don't enable checkers by suffix by @bruntib in https://github.com/Ericsson/codechecker/pull/4307
  • [Fix] Report sorting in unique mode by @cservakt in https://github.com/Ericsson/codechecker/pull/4294
  • [fix] Error when debug logging skipped actions by @bruntib in https://github.com/Ericsson/codechecker/pull/4301

:deciduous_tree: Environment

  • PVS-Studio Static Code Analyzer support by @feeelin in https://github.com/Ericsson/codechecker/pull/4356
  • Bump webpack from 5.91.0 to 5.94.0 in /web/server/vue-cli by @dependabot in https://github.com/Ericsson/codechecker/pull/4334
  • [cfg] Add setuptools as a dependency by @bruntib in https://github.com/Ericsson/codechecker/pull/4285
  • Deprecate distutils by @EinarArnason in https://github.com/Ericsson/codechecker/pull/4286
  • Bump urllib3 from 2.2.1 to 2.2.2 in /scripts/labels/label_tool by @dependabot in https://github.com/Ericsson/codechecker/pull/4290
  • [cfg] Upgrade to pylint 3.2.4 by @bruntib in https://github.com/Ericsson/codechecker/pull/4279
  • [cfg] Upgrade lxml version by @bruntib in https://github.com/Ericsson/codechecker/pull/4262
  • Bump follow-redirects from 1.15.4 to 1.15.6 in /web/server/vue-cli by @dependabot in https://github.com/Ericsson/codechecker/pull/4192

:book: Documentation updates

  • Modified documentation to match current procedures for changing schema by @feyruzb in https://github.com/Ericsson/codechecker/pull/4366
  • chore: Remove ancient, unused docs/checker_docs.md by @whisperity in https://github.com/Ericsson/codechecker/pull/4283
  • additional library was required for venv_dev by @stt08 in https://github.com/Ericsson/codechecker/pull/4273

:hammer: Other

  • [cfg] Add info for new unix.Chroot Checker by @vabridgers #4391
  • Add test for Disable clang-diagnostic-error checker #4325 by @noraz31 in https://github.com/Ericsson/codechecker/pull/4339
  • Github Actions: stop previous jobs when a new one was pushed by @stt08 in https://github.com/Ericsson/codechecker/pull/4351
  • Bring code borrowed from http.server in sync with upstream by @Discookie in https://github.com/Ericsson/codechecker/pull/4379
  • [test] Fix test with new clang version by @bruntib in https://github.com/Ericsson/codechecker/pull/4382
  • [cmd] Display warning instead of debug log for missing diagtool by @bruntib in https://github.com/Ericsson/codechecker/pull/4342
  • [test] The assertDictContainsSubset() is deprecated and removed by @bruntib in https://github.com/Ericsson/codechecker/pull/4322
  • [fix] fix compare_results.py script by @bruntib in https://github.com/Ericsson/codechecker/pull/4319
  • [script] Script for querying all reports by @bruntib in https://github.com/Ericsson/codechecker/pull/4245
  • chore(config): Apply invariant fixes from label-tool by @whisperity in https://github.com/Ericsson/codechecker/pull/4291
  • [cfg] Upgrade pycodestyle to 2.12.0 by @bruntib in https://github.com/Ericsson/codechecker/pull/4264
  • [version] Bump up version 6.25.0 by @bruntib in https://github.com/Ericsson/codechecker/pull/4263
  • Highlight page added for CodeChecker 6.24.0 by @dkrupp in https://github.com/Ericsson/codechecker/pull/4260
  • [feat] Adding rule title column for Guideline stat @cservakt https://github.com/Ericsson/codechecker/pull/4475
  • [fix] CodeChecker checkers --label option:value doesn't list checkers @bruntib https://github.com/Ericsson/codechecker/pull/4471
  • Add CWE Top 25 guideline @noraz31 https://github.com/Ericsson/codechecker/pull/4467

New Contributors

  • @ArchieAtkinson made their first contribution in https://github.com/Ericsson/codechecker/pull/4281
  • @EinarArnason made their first contribution in https://github.com/Ericsson/codechecker/pull/4286
  • @pdgendt made their first contribution in https://github.com/Ericsson/codechecker/pull/4329
  • @stt08 made their first contribution in https://github.com/Ericsson/codechecker/pull/4351
  • @feeelin made their first contribution in https://github.com/Ericsson/codechecker/pull/4356
  • @Discookie made their first contribution in https://github.com/Ericsson/codechecker/pull/4379

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.24.4...v6.25.0

What's Changed

  • Update lxml to 5.3.0 by @totocaca123 in https://github.com/Ericsson/codechecker/pull/4410
  • [fix] Show available checker configs in all cases by @noraz31 in https://github.com/Ericsson/codechecker/pull/4407
  • [test] Add tests for different report hashes by @bruntib in https://github.com/Ericsson/codechecker/pull/4412
  • Bump express from 4.19.2 to 4.21.2 in /web/server/vue-cli by @dependabot in https://github.com/Ericsson/codechecker/pull/4418
  • [doc] Add sarif to setup.py by @jstevens176 in https://github.com/Ericsson/codechecker/pull/4396
  • [feat][server] Logging: show package schema revision on startup by @jstevens176 in https://github.com/Ericsson/codechecker/pull/4398
  • Bump axios from 1.6.8 to 1.7.9 in /web/server/vue-cli by @dependabot in https://github.com/Ericsson/codechecker/pull/4420
  • [fix] Validate checkers ordered with "checker" prefix by @noraz31 in https://github.com/Ericsson/codechecker/pull/4409
  • Bump braces from 3.0.2 to 3.0.3 in /web/server/vue-cli by @dependabot in https://github.com/Ericsson/codechecker/pull/4289
  • [tools] Simplify static file handling in report-converter by @gamesh411 in https://github.com/Ericsson/codechecker/pull/4423
  • [test] Modernize Pylint config by @gamesh411 in https://github.com/Ericsson/codechecker/pull/4397
  • [Fix] Getting file counts query by @cservakt in https://github.com/Ericsson/codechecker/pull/4421
  • Bump nanoid from 3.3.7 to 3.3.8 in /web/server/vue-cli by @dependabot in https://github.com/Ericsson/codechecker/pull/4404
  • Increase thrift api version to prepare for an upcoming api change by @dkrupp in https://github.com/Ericsson/codechecker/pull/4428
  • [fix] Proper encoding of standard output by @bruntib in https://github.com/Ericsson/codechecker/pull/4415
  • fix the execution environment for binaries by @dkrupp in https://github.com/Ericsson/codechecker/pull/4431
  • [gui] Display full filename by @bruntib in https://github.com/Ericsson/codechecker/pull/4416
  • [fix] Don't crash when diagtool is missing by @bruntib in https://github.com/Ericsson/codechecker/pull/4399
  • [debug][scripts] Add experimental script for clustering similar crashes by @gamesh411 in https://github.com/Ericsson/codechecker/pull/4161
  • [fix] Pylint fails on cluster_crashes by @cservakt in https://github.com/Ericsson/codechecker/pull/4436
  • Whisperity refactor/script/label generator tooling by @dkrupp in https://github.com/Ericsson/codechecker/pull/4439
  • feat(script): Automatically generate doc_url and severity from ToCs, documentations, and analyser outputs by @whisperity in https://github.com/Ericsson/codechecker/pull/4225
  • [fix] Guideline stat API refactoring by @cservakt in https://github.com/Ericsson/codechecker/pull/4433
  • Bump scikit-learn from 1.3.0 to 1.5.0 in /scripts/debugtools/crashclustering by @dependabot in https://github.com/Ericsson/codechecker/pull/4435
  • Bump tqdm from 4.66.1 to 4.66.3 in /scripts/debugtools/crashclustering by @dependabot in https://github.com/Ericsson/codechecker/pull/4434
  • Add clang-tidy yaml report converter by @noraz31 in https://github.com/Ericsson/codechecker/pull/4335
  • [Fix] Sorting of the statistics by @cservakt in https://github.com/Ericsson/codechecker/pull/4445
  • [analyzer] Add --inferargs flag by @bruntib in https://github.com/Ericsson/codechecker/pull/4447
  • [cmd] Add support for sarif export in parser cmd by @tgagneret-embedded in https://github.com/Ericsson/codechecker/pull/4327
  • Add 6.25.0 release notes to the New Features menu by @noraz31 in https://github.com/Ericsson/codechecker/pull/4454
  • [feat] Introduce chronological order for dynamic reports by @bruntib in https://github.com/Ericsson/codechecker/pull/4450

New Contributors

  • @totocaca123 made their first contribution in https://github.com/Ericsson/codechecker/pull/4410
  • @jstevens176 made their first contribution in https://github.com/Ericsson/codechecker/pull/4396
  • @tgagneret-embedded made their first contribution in https://github.com/Ericsson/codechecker/pull/4327

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.25.0-rc1...v6.25.0

- Python
Published by dkrupp about 1 year ago

codechecker - v6.24.7

  • The CodeChecker server in the codechecker-web docker image could not connect to LDAP servers for authentication using SSL and the authentication was not working. This was fixed.

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.24.6...v6.24.7

- Python
Published by dkrupp over 1 year ago

codechecker - v6.24.6

  • Update the Python version in the codechecker-web Docker image
  • Fix a URL parsing error in the web server

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.24.5...v6.24.6

- Python
Published by dkrupp over 1 year ago

codechecker - v6.24.5

This is a security patch release

  • Move from cookie-based to token-based authentication
    Session-based authentication is deprecated, but left in for the benefit of old CLI clients. When upgrading, all users will need to re-authenticate.

- Python
Published by bruntib over 1 year ago

codechecker - v6.25.0-rc1

:star2: Highlights

Guideline Statistics page under the statistics tab to generate SEI Cert Compliance reports

A new Guideline Statistics page is added under the statistics tab to generate SEI Cert Compliance reports.

This page shows the compliance of an analyzed program with a coding guideline (such as SEI Cert C/C++). It shows all checkers corresponding to a guideline rule, their configuration status (on/off), and all outstanding and closed reports per guideline rule.

The table can be exported in HTML and CSV format.

The first supported guidelines are SEI Cert C and C++.

Facebook Infer as a new C/C++ analyzer plugin

Besides clang-tidy, Clang Static Analyzer, Cppcheck and GCC, Facebook Infer is another well-known open-source static code analyzer: https://github.com/facebook/infer

CodeChecker will support executing this analyzer. It will not be enabled by default, but is available for testing.


PVS Studio report conversion

From now on, the reports of the PVS-Studio analyzer (https://pvs-studio.com/en/pvs-studio/) can be converted and handled with CodeChecker.

  • PVS-Studio Static Code Analyzer support by @feeelin in https://github.com/Ericsson/codechecker/pull/4356

:exclamation: Backward incompatible changes

  • Resolve checker enable/disable ambiguity by @noraz31 in #4377 and by @cservakt in #4392
    CodeChecker analyze emits an error (instead of a warning) when the enabled checkers/profiles/checker prefix groups are given ambiguously. In these cases the ambiguity must be resolved. For example, the CodeChecker analyze -e security command is ambiguous, as security is a checker group (all checkers starting with security.) and a profile at the same time. Please specify CodeChecker -e prefix:security explicitly if you mean the prefix group, or profile:security if you mean the security profile.

    CodeChecker -e clang-diagnostic-format will give an error, because it is ambiguous whether the user means the single clang-diagnostic-format checker or all checkers starting with clang-diagnostic-format. To refer to the former, the user must use checker:clang-diagnostic-format; to refer to the latter, prefix:clang-diagnostic-format.

    If you have such clashing cases, you must resolve them. The following namespaces can be used:
    - prefix: to match checkers starting with a prefix
    - profile: to match a checker profile
    - checker: to match a single checker
    - guideline: to match checkers belonging to a guideline
    - severity: to match checkers belonging to a given severity

  • The skip file handling changed! Adding a --drop-reports-from-skipped-files parameter to analyze by @dkrupp in https://github.com/Ericsson/codechecker/pull/4332
    After this patch, the skip files will only skip the analysis of the listed files, but will not filter out any reports. This may result in more reports than before. By default, CodeChecker used to filter out all reports from files which were on the skip list. This can hide true positive reports starting from unskipped code and ending in skipped files (typical with CTU and header related findings). This patch removes the default report-filtering post-processing step from the CodeChecker analyze --skip SKIPFILE operation. The legacy functionality is still available with the --drop-reports-from-skipped-files parameter.

  • guideline:sei-cert cannot be used anymore. The sei-cert guideline profile was split to guideline:sei-cert-c for the C guideline and guideline:sei-cert-cpp for the C++ guideline. #4400

  • CodeChecker -e W* syntax is not supported anymore. Clang warnings only appear as clang-diagnostic-* checkers and the

:bug: Analyzer improvements

  • [fix] Resolve checker enable/disable ambiguity #4392
  • [fix] Don't capture cc1 by the logger. by @bruntib in https://github.com/Ericsson/codechecker/pull/4300
  • Add -mmitigate-rop to ignored options by @noraz31 in https://github.com/Ericsson/codechecker/pull/4295
  • Removing alpha checkers from the security profile so it can be used in production by @dkrupp in https://github.com/Ericsson/codechecker/pull/4284
  • [analyzer] Adds -fno-freestanding to ignored GCC compiler flags by @ArchieAtkinson in https://github.com/Ericsson/codechecker/pull/4281
  • [analyzer] Disable clang-diagnostic-error checker by @cservakt in https://github.com/Ericsson/codechecker/pull/4325
  • [analyzer] Ignore -fno-printf-return-value by @pdgendt in https://github.com/Ericsson/codechecker/pull/4329
  • [anayzer] Fb infer by @stt08 in https://github.com/Ericsson/codechecker/pull/4257

:computer: CLI/Server improvements

  • Fix trim-path-prefix functionality in HTML export by @dkrupp #4387
  • Automatic addition of database before connecting to it by @feyruzb #4316
  • Resolve paths when blaming files by @tomhughes #4357
  • Fix the endpoint parsing issue by @dkrupp in 8953b30f
  • Removing the root user creation by @dkrupp in 3bb2cbf6
  • [feat] Adding report annotation for json export by @cservakt in https://github.com/Ericsson/codechecker/pull/4380
  • [fix] Get product configuration with view permission by @bruntib in https://github.com/Ericsson/codechecker/pull/4375
  • CodeChecker authentication fixed by @dkrupp in https://github.com/Ericsson/codechecker/pull/4369
  • [fix] Forwarding --ctu-ast-mode to analyze command by @bruntib in https://github.com/Ericsson/codechecker/pull/4341
  • [fix] Better SQL SELECT instead of a timeout query by @bruntib in https://github.com/Ericsson/codechecker/pull/4363
  • Speeding up store by removing nested query by @dkrupp in https://github.com/Ericsson/codechecker/pull/4358
  • Environment initialization for binaries by @dkrupp in https://github.com/Ericsson/codechecker/pull/4337
  • [fix] Missing analyzer error by @cservakt in https://github.com/Ericsson/codechecker/pull/4330
  • [fix] Don't reset PATH in Cppcheck plugin by @bruntib in https://github.com/Ericsson/codechecker/pull/4320
  • [feat] Implicit include paths added with -idirafter by @bruntib in https://github.com/Ericsson/codechecker/pull/4315
  • Revert "[analyzer] Use absolute path to logger.so in LD_PRELOAD" by @dkrupp in https://github.com/Ericsson/codechecker/pull/4314
  • [cmd] Checker name prefixes are meant along separator characters by @bruntib in https://github.com/Ericsson/codechecker/pull/4311
  • [fix] Support joker characters at annotation filter by @bruntib in https://github.com/Ericsson/codechecker/pull/4306
  • Analyzer binary dependent environment by @dkrupp in https://github.com/Ericsson/codechecker/pull/4305
  • [fix] Minor fixing for statistics tabs by @cservakt in https://github.com/Ericsson/codechecker/pull/4304
  • [fix] Don't enable checkers by suffix by @bruntib in https://github.com/Ericsson/codechecker/pull/4307
  • [Fix] Report sorting in unique mode by @cservakt in https://github.com/Ericsson/codechecker/pull/4294
  • [fix] Error when debug logging skipped actions by @bruntib in https://github.com/Ericsson/codechecker/pull/4301

:deciduous_tree: Environment

  • PVS-Studio Static Code Analyzer support by @feeelin in https://github.com/Ericsson/codechecker/pull/4356
  • Bump webpack from 5.91.0 to 5.94.0 in /web/server/vue-cli by @dependabot in https://github.com/Ericsson/codechecker/pull/4334
  • [cfg] Add setuptools as a dependency by @bruntib in https://github.com/Ericsson/codechecker/pull/4285
  • Deprecate distutils by @EinarArnason in https://github.com/Ericsson/codechecker/pull/4286
  • Bump urllib3 from 2.2.1 to 2.2.2 in /scripts/labels/label_tool by @dependabot in https://github.com/Ericsson/codechecker/pull/4290
  • [cfg] Upgrade to pylint 3.2.4 by @bruntib in https://github.com/Ericsson/codechecker/pull/4279
  • [cfg] Upgrade lxml version by @bruntib in https://github.com/Ericsson/codechecker/pull/4262
  • Bump follow-redirects from 1.15.4 to 1.15.6 in /web/server/vue-cli by @dependabot in https://github.com/Ericsson/codechecker/pull/4192

:book: Documentation updates

  • Modified documentation to match current procedures for changing schema by @feyruzb in https://github.com/Ericsson/codechecker/pull/4366
  • chore: Remove ancient, unused docs/checker_docs.md by @whisperity in https://github.com/Ericsson/codechecker/pull/4283
  • additional library was required for venv_dev by @stt08 in https://github.com/Ericsson/codechecker/pull/4273

:hammer: Other

  • [cfg] Add info for new unix.Chroot Checker by @vabridgers #4391
  • Add test for Disable clang-diagnostic-error checker #4325 by @noraz31 in https://github.com/Ericsson/codechecker/pull/4339
  • Github Actions: stop previous jobs when a new one was pushed by @stt08 in https://github.com/Ericsson/codechecker/pull/4351
  • Bring code borrowed from http.server in sync with upstream by @Discookie in https://github.com/Ericsson/codechecker/pull/4379
  • [test] Fix test with new clang version by @bruntib in https://github.com/Ericsson/codechecker/pull/4382
  • [cmd] Display warning instead of debug log for missing diagtool by @bruntib in https://github.com/Ericsson/codechecker/pull/4342
  • [test] The assertDictContainsSubset() is depreceted and removed by @bruntib in https://github.com/Ericsson/codechecker/pull/4322
  • [fix] fix compare_results.py sciprt by @bruntib in https://github.com/Ericsson/codechecker/pull/4319
  • [script] Script for querying all reports by @bruntib in https://github.com/Ericsson/codechecker/pull/4245
  • chore(config): Apply invariant fixes from label-tool by @whisperity in https://github.com/Ericsson/codechecker/pull/4291
  • [cfg] Upgrade pycodestyle to 2.12.0 by @bruntib in https://github.com/Ericsson/codechecker/pull/4264
  • [version] Bump up version 6.25.0 by @bruntib in https://github.com/Ericsson/codechecker/pull/4263
  • Highlight page added for CodeChecker 6.24.0 by @dkrupp in https://github.com/Ericsson/codechecker/pull/4260

New Contributors

  • @ArchieAtkinson made their first contribution in https://github.com/Ericsson/codechecker/pull/4281
  • @EinarArnason made their first contribution in https://github.com/Ericsson/codechecker/pull/4286
  • @pdgendt made their first contribution in https://github.com/Ericsson/codechecker/pull/4329
  • @stt08 made their first contribution in https://github.com/Ericsson/codechecker/pull/4351
  • @feeelin made their first contribution in https://github.com/Ericsson/codechecker/pull/4356
  • @Discookie made their first contribution in https://github.com/Ericsson/codechecker/pull/4379

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.24.4...v6.25.0-rc1

- Python
Published by bruntib over 1 year ago

codechecker - v6.24.4

This release fixes a bug about permission settings:

  • [fix] Get product configuration with view permission #4375
    Users with admin rights couldn't get the product configuration page for changing product configuration or setting user permissions.

- Python
Published by bruntib over 1 year ago

codechecker - v6.24.3

This release fixes an authentication issue:

  • CodeChecker authentication fixed #4369
    Version 6.24.2 introduced the super_user field in the server_config.json. If this field was missing from the config file, the authentication did not work for any user.

- Python
Published by dkrupp over 1 year ago

codechecker - v6.24.2

This release contains security vulnerability fixes. It is highly recommended to upgrade to this release as soon as possible.

1) [fix] Removing the root user creation 3bb2cbf61c868ef34a1cb180a56d0b83f54074d4
   Backward incompatible change: The built-in root user generated at CodeChecker server start with CodeChecker --reset-root ... has been disabled. Instead, the user can give SUPER_USER permission to an existing user in the server_config.json. For further details, see https://github.com/Ericsson/codechecker/blob/master/docs/web/user_guide.md#initial-super-user

2) Fix the endpoint parsing issue 8953b30f6d17597635ec59bb943683aacb216619
   The CodeChecker web server accepted some invalid URLs. The URL parsing has been hardened.

- Python
Published by dkrupp over 1 year ago

codechecker - v6.24.1

:star2: Highlights

Standard library handling change

GCC has implicit include paths that are forwarded to Clang. Until now these paths were added with the -isystem flag, but sometimes the priority of this is too high: https://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html The implicit include paths should be searched last, so -isystem has been changed to -idirafter. In case this breaks backward compatibility, the --add-gcc-include-dirs-with-isystem flag has been introduced for the "CodeChecker analyze" command, which reverts this change.

ld_logger environment change

The CodeChecker log command uses the LD_PRELOAD environment variable for collecting the build commands. This environment variable relies on LD_LIBRARY_PATH, which tells where to find the .so file set in LD_PRELOAD. Some build systems overwrite the value of LD_LIBRARY_PATH, and for this reason CodeChecker fails to collect build commands. A solution to this problem was to fill LD_PRELOAD with an absolute path. However, this solution doesn't work when the analyzed project is built for multiple target architectures (e.g. 32 and 64 bits), since CodeChecker sets a single absolute path based on the host architecture. If the project's build system is resetting LD_LIBRARY_PATH, then the workaround solution is to extend LD_LIBRARY_PATH with the proper ldlogger.so file: For further details consult this documentation.

Enable checkers by group prefix

Checkers can be enabled by providing a group prefix. For example, cplusplus.NewDeleteLeaks can be enabled by --enable cplusplus. The problem was that checkers were enabled by any name prefix, so this checker was also enabled by cplusplus.NewDelete, which is not the intended behavior. This release fixes this issue. Also, it was possible to enable checkers by suffix (e.g. --enable NewDeleteLeaks). As of this release, suffix matching is no longer performed either.
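The separator-aware prefix rule above and the namespace disambiguation from the v6.25.0-rc1 notes can be illustrated together. The following is an added example, not CodeChecker's own code; the checker list, profile, guideline and severity contents, the separator set, and the rule that a bare name is ambiguous when two namespaces give different results are assumptions made for the illustration.

```python
"""Checker selection by separator-aware prefix and by namespace (illustration)."""

# Constructed sample data; a real installation has hundreds of checkers.
CHECKERS = [
    "cplusplus.NewDelete",
    "cplusplus.NewDeleteLeaks",
    "security.FloatLoopCounter",
    "security.insecureAPI.gets",
    "clang-diagnostic-format",
    "clang-diagnostic-format-security",
    "core.NullDereference",
]
PROFILES = {"security": {"security.insecureAPI.gets", "core.NullDereference"}}
GUIDELINES = {"sei-cert-c": {"security.FloatLoopCounter"}}
SEVERITIES = {"HIGH": {"core.NullDereference", "security.insecureAPI.gets"}}

SEPARATORS = ".-"  # assumption: characters that end a group name


class AmbiguousSelector(ValueError):
    """A bare name that reads differently in two or more namespaces."""


def naive_prefix(prefix, checkers=CHECKERS):
    """Old behaviour from the notes: any string prefix enables a checker."""
    return {c for c in checkers if c.startswith(prefix)}


def group_prefix(prefix, checkers=CHECKERS):
    """Match the exact name, or names where the prefix ends at a separator."""
    return {
        c for c in checkers
        if c == prefix
        or (c.startswith(prefix) and c[len(prefix)] in SEPARATORS)
    }


RESOLVERS = {
    "checker": lambda name: {name} & set(CHECKERS),
    "prefix": group_prefix,
    "profile": lambda name: set(PROFILES.get(name, ())),
    "guideline": lambda name: set(GUIDELINES.get(name, ())),
    "severity": lambda name: set(SEVERITIES.get(name, ())),
}


def resolve(selector):
    """Return the checkers an --enable style selector refers to."""
    namespace, sep, name = selector.partition(":")
    if sep and namespace in RESOLVERS:
        return RESOLVERS[namespace](name)

    # Bare name: collect every namespace that matches something.
    readings = {}
    for ns, lookup in RESOLVERS.items():
        found = lookup(selector)
        if found:
            readings[ns] = found

    # Refuse to guess when two readings would enable different checkers.
    if len({frozenset(found) for found in readings.values()}) > 1:
        options = ", ".join(f"{ns}:{selector}" for ns in readings)
        raise AmbiguousSelector(
            f"'{selector}' is ambiguous; use one of: {options}")
    return next(iter(readings.values()), set())


def is_ambiguous(selector):
    """True when resolve() would reject the selector as ambiguous."""
    try:
        resolve(selector)
    except AmbiguousSelector:
        return True
    return False


if __name__ == "__main__":
    for sel in ("cplusplus", "cplusplus.NewDelete", "NewDeleteLeaks",
                "security", "prefix:security", "profile:security",
                "clang-diagnostic-format", "checker:clang-diagnostic-format"):
        try:
            print(f"{sel:34} -> {sorted(resolve(sel))}")
        except AmbiguousSelector as err:
            print(f"{sel:34} -> ERROR: {err}")
```

With the sample data, the bare `security` selector would enable two different checker sets depending on the reading. That difference is why an error is safer than a silent guess when the enabled set defines what a security scan covers.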

:computer: CLI/Server improvements

  • [fix] Don't reset PATH in Cppcheck plugin #4320
  • [feat] Implicit include paths added with -idirafter #4315
  • Revert "[analyzer] Use absolute path to logger.so in LD_PRELOAD" #4314
  • [cmd] Checker name prefixes are meant along separator characters #4311
  • Analyzer binary dependent environment #4305
  • [fix] Support joker characters at annotation filter #4306
  • [Fix] Report sorting in unique mode #4294
  • [fix] Don't enable checkers by suffix #4307
  • [fix] Minor fixing for statistics tabs #4304
  • [fix] Error when debug logging skipped actions #4301
  • [fix] Don't capture cc1 by the logger. #4300
  • Add -mmitigate-rop to ignored options #4295
  • [analyzer] Ignore -fno-printf-return-value #4329
  • [fix] Disable clang-diagnostic-error checker #4325
  • [fix] Missing analyzer error #4330
  • [fix] Forwarding --ctu-ast-mode to analyze command #4341
  • Environment initialization for binaries #4337

:deciduous_tree: Environment

  • [cfg] Add setuptools as a dependency #4285
  • Deprecate distutils #4286
  • Bump urllib3 from 2.2.1 to 2.2.2 in /scripts/labels/label_tool #4290
  • [cfg] Upgrade to pylint 3.2.4 #4279
  • [analyzer] Adds -fno-freestanding to ignored GCC compiler flags #4281
  • [cfg] Upgrade pycodestyle to 2.12.0 #4264
  • [cfg] Upgrade lxml version #4262

:hammer: Other

  • [test] The assertDictContainsSubset() is depreceted and removed #4322
  • [fix] fix compare_results.py sciprt #4319
  • [script] Script for querying all reports #4245
  • [cmd] Display warning instead of debug log for missing diagtool #4342

- Python
Published by bruntib over 1 year ago

codechecker - v6.24.0

:star2: Highlights

Listing of Enabled/Disabled Checkers in the WEB UI per run

CodeChecker provides a new view in the "Analysis information tab" which lists all checkers that were enabled during analysis.


  • feat(server): Store information about available checkers to the database by @whisperity in https://github.com/Ericsson/codechecker/pull/4089

New Checker Coverage Statistics view with coding guideline references

CodeChecker provides a new view to display all enabled checkers for a set of selected runs. Additionally, it also lists all guideline rules related to the given checker. For example, you can verify whether your code has any SEI Cert coding guideline violation.

The new table lists all checkers that were enabled in a set of selected analysis runs, shows the number of outstanding reports and the number of closed reports per enabled checker and the related coding guideline rules.

How is this new view different compared to the existing "Checker Statistics View"? The Checker Statistics View only displays checkers that produced reports for the selected runs. This new view additionally lists all checkers that were enabled in the last analysis for the selected runs.


  • [GUI] New "Checker Coverage" statistics tab to show all enabled checkers and … by @cservakt in https://github.com/Ericsson/codechecker/pull/4210

Faster run storage

Thanks to a new optimization, the run storage duration can be up to 50% faster.

  • [store] Unique reports before storing by @Szelethus in https://github.com/Ericsson/codechecker/pull/4152

New Static HTML Report Pages

  • [cmd] Restructure static HTML generation so it can handle much larger result set. #4168
  • [feat] Display dynamic analysis generated testcase and timestamp columns in static HTML #4172

New report filter to list closed and outstanding reports

A new filter has been added to list outstanding and closed reports. An outstanding report is a report with detection status new, reopened or unresolved, and with review status unreviewed or confirmed.

  • Showing closed reports by @cservakt in https://github.com/Ericsson/codechecker/pull/4244


Web GUI improvements

  • [fix] Fixing OFF and UNAVAILABLE detectionStatus in the report sidebar by @cservakt in https://github.com/Ericsson/codechecker/pull/4127
  • feat(gui): Checker status auditing by @whisperity in https://github.com/Ericsson/codechecker/pull/4156
  • test(gui): Add front-end test for checked status in AnalysisInfo dialog by @whisperity in https://github.com/Ericsson/codechecker/pull/4202
  • Showing closed reports by @cservakt in https://github.com/Ericsson/codechecker/pull/4244

:exclamation: Backward incompatible changes

None

:bug: Analyzer improvements

  • [analyzer] Ignore -fno-tree-dominator-opts by @bo-dani in https://github.com/Ericsson/codechecker/pull/4141
  • [fix] Cppcheck premium version check by @bruntib in https://github.com/Ericsson/codechecker/pull/4155
  • [gcc] Don't emit a missing gcc warning if no checkers are enabled by @Szelethus in https://github.com/Ericsson/codechecker/pull/4179
  • [fix] --cppcheckargs should be present in "CodeChecker check" by @bruntib in https://github.com/Ericsson/codechecker/pull/4178
  • [gcc][GUI] Fix indentations for gcc fn calls bug reports by @Szelethus in https://github.com/Ericsson/codechecker/pull/4182
  • Add functionality to validate analyzer and checker options by @noraz31 in https://github.com/Ericsson/codechecker/pull/4204
  • Fix a bug in #3866 where check didn't respect --no-missing-checker-error by @Szelethus in https://github.com/Ericsson/codechecker/pull/4217
  • Display warning if the compilation database is empty by @noraz31 in https://github.com/Ericsson/codechecker/pull/4226
  • Do not allow parse if the does not exist by @noraz31 in https://github.com/Ericsson/codechecker/pull/4212
  • [fix] Pass envp to posix_spawn in ld_logger by @bruntib in https://github.com/Ericsson/codechecker/pull/4146
  • [analyze] Removing long enabled checker list at info log level by @dkrupp in https://github.com/Ericsson/codechecker/pull/4103

:computer: CLI/Server improvements

  • Fix debug logging in store by @vodorok in https://github.com/Ericsson/codechecker/pull/4134
  • Fix remote server path resolution by @vodorok in https://github.com/Ericsson/codechecker/pull/4131
  • [report-converter][fix] Don't crash when we can't find the checker name for ubsan by @Szelethus in https://github.com/Ericsson/codechecker/pull/4143
  • Fix typo 'vesion' in sarif conversion template by @SirMutantRat in https://github.com/Ericsson/codechecker/pull/4140
  • [report-converter] Allow for empty strings in sanitizer error msgs by @Szelethus in https://github.com/Ericsson/codechecker/pull/4147
  • [fix] Eliminate unnecessary error logging by @bruntib in https://github.com/Ericsson/codechecker/pull/4162
  • Fix impossible blame info collection by @vodorok in https://github.com/Ericsson/codechecker/pull/4190
  • fix(migration): Migrate reports with appropriate default checker ID by @whisperity in https://github.com/Ericsson/codechecker/pull/4191
  • fix(migration): Do not emit log output for checker_id normalisation by @whisperity in https://github.com/Ericsson/codechecker/pull/4198
  • feat(server): Multiprocess migration and db_cleanup #4175
  • [fix] Prevent overlapping report groups #4215
  • [fix] Replace UTF-8 dash characters #4216
  • [cmd] Check for non-existing source components by @bruntib in https://github.com/Ericsson/codechecker/pull/4203
  • Fix a crash where config handlers were built with missing binaries by @Szelethus in https://github.com/Ericsson/codechecker/pull/4241
  • [fix] Creating new temporary directory for zip files by @cservakt in https://github.com/Ericsson/codechecker/pull/4237
  • [db] Faster query for comment garbage collection by @bruntib in https://github.com/Ericsson/codechecker/pull/4254
  • [fix] Use module uuid instead of tempfile by @bruntib in https://github.com/Ericsson/codechecker/pull/4253
  • [cmd] Add --anywhere-on-report-path flag to CLI by @bruntib in https://github.com/Ericsson/codechecker/pull/4255
  • Support relative paths in the --file option by @noraz31 in https://github.com/Ericsson/codechecker/pull/4250
  • [Fix] Drop foreign key constraints for faster analysis info deleting by @cservakt in https://github.com/Ericsson/codechecker/pull/4259

:deciduous_tree: Environment

  • Adding OpenSSF Scorecard badge to README by @gkunz in https://github.com/Ericsson/codechecker/pull/4164

:book: Documentation updates

  • [doc] Fix documentation URL in highlights page by @bruntib in https://github.com/Ericsson/codechecker/pull/4136
  • [docs] Rewrite the docs for diff by @Szelethus in https://github.com/Ericsson/codechecker/pull/4006
  • chore(docs): Remove mentions of Python 2 and ancient Clang limitations from the README by @whisperity in https://github.com/Ericsson/codechecker/pull/4174
  • Update usage.md: fix typo by @ArnaudBienner in https://github.com/Ericsson/codechecker/pull/4153
  • Fix Broken Links In Documentation by @justindhillon in https://github.com/Ericsson/codechecker/pull/4159
  • Fix typos by @omahs in https://github.com/Ericsson/codechecker/pull/4173
  • additional guidance for silicon mac users by @feyruzb in https://github.com/Ericsson/codechecker/pull/4188
  • chore(config): [clangsa][clang-tidy] Fix dead doc_urls in checker labels by @whisperity in https://github.com/Ericsson/codechecker/pull/4214
  • [config] Label Clang 18.0-19.trunk SA & Tidy checkers by @sylvestre in https://github.com/Ericsson/codechecker/pull/4193
  • [fix] Links in static HTML files should be relative by @bruntib in https://github.com/Ericsson/codechecker/pull/4236
  • feat(script): Verify the existence of checker config doc_url pages and find appropriate older releases for gone (removed, dealpha, etc.) checkers by @whisperity in https://github.com/Ericsson/codechecker/pull/4207

:hammer: Other

  • Bump version to 6.24.0 by @vodorok in https://github.com/Ericsson/codechecker/pull/4126
  • Bump follow-redirects from 1.15.3 to 1.15.4 in /web/server/vue-cli by @dependabot in https://github.com/Ericsson/codechecker/pull/4151
  • Bump gitpython from 3.1.37 to 3.1.41 in /web by @dependabot in https://github.com/Ericsson/codechecker/pull/4150
  • [fix] Fixing getReportAnnotations subquery by @cservakt in https://github.com/Ericsson/codechecker/pull/4229
  • chore(ci): Disable failing and dangerous PyPI publishing job by @whisperity in https://github.com/Ericsson/codechecker/pull/4231
  • Updating clangsa sei cert mapping for clang 18 by @dkrupp in https://github.com/Ericsson/codechecker/pull/4239
  • chore(config): Add automatically generated doc_urls and severitys by @whisperity in https://github.com/Ericsson/codechecker/pull/4224
  • chore(config): [clang-tidy] Update SEI-CERT Guideline mappings by @whisperity in https://github.com/Ericsson/codechecker/pull/4235
  • [config] Adding sei-cert rule mappings for clang diagnostics by @dkrupp in https://github.com/Ericsson/codechecker/pull/4243
  • Always pass absolute paths to skip handler by @vodorok in https://github.com/Ericsson/codechecker/pull/4227
  • [config] Minor updates of the clangsa, clang-tidy profiles by @dkrupp in https://github.com/Ericsson/codechecker/pull/4246
  • Make sure that the Number of runs is displayed correctly by @noraz31 in https://github.com/Ericsson/codechecker/pull/4242
  • [fix] Store temp .plist files in report dir during store by @bruntib in https://github.com/Ericsson/codechecker/pull/4248
  • [feature] Adding guideline label to Checker Coverage tab by @cservakt in https://github.com/Ericsson/codechecker/pull/4247

New Contributors

  • @SirMutantRat made their first contribution in https://github.com/Ericsson/codechecker/pull/4140
  • @bo-dani made their first contribution in https://github.com/Ericsson/codechecker/pull/4141
  • @justindhillon made their first contribution in https://github.com/Ericsson/codechecker/pull/4159
  • @omahs made their first contribution in https://github.com/Ericsson/codechecker/pull/4173
  • @feyruzb made their first contribution in https://github.com/Ericsson/codechecker/pull/4188
  • @noraz31 made their first contribution in https://github.com/Ericsson/codechecker/pull/4204

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.23.1...6.24.0

- Python
Published by dkrupp almost 2 years ago

codechecker - v6.24.0-rc1

:star2: Highlights

Listing of Enabled/Disabled Checkers in the WEB UI per run

CodeChecker provides a new view in the "Analysis information tab" which lists all checkers that were enabled during analysis.


  • feat(server): Store information about available checkers to the database by @whisperity in https://github.com/Ericsson/codechecker/pull/4089

New Checker Coverage Statistics view

CodeChecker provides a new view to display all enabled checkers for a set of selected runs. The new table lists all checkers that were enabled in a set of selected analysis runs, shows the number of outstanding reports and the number of closed reports per enabled checker.

How is this new view different compared to the existing "Checker Statistics View"? The Checker Statistics View only displays checkers that produced reports for the selected runs. This new view additionally lists all checkers that were enabled in the last analysis for the selected runs.


  • [GUI] New "Checker Coverage" statistics tab to show all enabled checkers and … by @cservakt in https://github.com/Ericsson/codechecker/pull/4210

Faster run storage

Thanks to a new optimization, the run storage duration can be up to 50% faster.

  • [store] Unique reports before storing by @Szelethus in https://github.com/Ericsson/codechecker/pull/4152

New Static HTML Report Pages

  • [cmd] Restructure static HTML generation so it can handle much larger result set. #4168
  • [feat] Display dynamic analysis generated testcase and timestamp columns in static HTML #4172

Web GUI improvements

  • [fix] Fixing OFF and UNAVAILABLE detectionStatus in the report sidebar by @cservakt in https://github.com/Ericsson/codechecker/pull/4127
  • feat(gui): Checker status auditing by @whisperity in https://github.com/Ericsson/codechecker/pull/4156
  • test(gui): Add front-end test for checked status in AnalysisInfo dialog by @whisperity in https://github.com/Ericsson/codechecker/pull/4202

:exclamation: Backward incompatible changes

None

:bug: Analyzer improvements

  • [analyzer] Ignore -fno-tree-dominator-opts by @bo-dani in https://github.com/Ericsson/codechecker/pull/4141
  • [fix] Cppcheck premium version check by @bruntib in https://github.com/Ericsson/codechecker/pull/4155
  • [gcc] Don't emit a missing gcc warning if no checkers are enabled by @Szelethus in https://github.com/Ericsson/codechecker/pull/4179
  • [fix] --cppcheckargs should be present in "CodeChecker check" by @bruntib in https://github.com/Ericsson/codechecker/pull/4178
  • [gcc][GUI] Fix indentations for gcc fn calls bug reports by @Szelethus in https://github.com/Ericsson/codechecker/pull/4182

:computer: CLI/Server improvements

  • Fix debug logging in store by @vodorok in https://github.com/Ericsson/codechecker/pull/4134
  • Fix remote server path resolution by @vodorok in https://github.com/Ericsson/codechecker/pull/4131
  • [report-converter][fix] Don't crash when we can't find the checker name for ubsan by @Szelethus in https://github.com/Ericsson/codechecker/pull/4143
  • Fix typo 'vesion' in sarif conversion template by @SirMutantRat in https://github.com/Ericsson/codechecker/pull/4140
  • [report-converter] Allow for empty strings in sanitizer error msgs by @Szelethus in https://github.com/Ericsson/codechecker/pull/4147
  • [fix] Eliminate unnecessary error logging by @bruntib in https://github.com/Ericsson/codechecker/pull/4162
  • Fix impossible blame info collection by @vodorok in https://github.com/Ericsson/codechecker/pull/4190
  • fix(migration): Migrate reports with appropriate default checker ID by @whisperity in https://github.com/Ericsson/codechecker/pull/4191
  • fix(migration): Do not emit log output for checker_id normalisation by @whisperity in https://github.com/Ericsson/codechecker/pull/4198
  • feat(server): Multiprocess migration and db_cleanup #4175
  • [fix] Prevent overlapping report groups #4215
  • [fix] Replace UTF-8 dash characters #4216

:deciduous_tree: Environment

  • Adding OpenSSF Scorecard badge to README by @gkunz in https://github.com/Ericsson/codechecker/pull/4164

:book: Documentation updates

  • [doc] Fix documentation URL in highlights page by @bruntib in https://github.com/Ericsson/codechecker/pull/4136
  • [docs] Rewrite the docs for diff by @Szelethus in https://github.com/Ericsson/codechecker/pull/4006
  • chore(docs): Remove mentions of Python 2 and ancient Clang limitations from the README by @whisperity in https://github.com/Ericsson/codechecker/pull/4174
  • Update usage.md: fix typo by @ArnaudBienner in https://github.com/Ericsson/codechecker/pull/4153
  • Fix Broken Links In Documentation by @justindhillon in https://github.com/Ericsson/codechecker/pull/4159
  • Fix typos by @omahs in https://github.com/Ericsson/codechecker/pull/4173
  • additional guidance for silicon mac users by @feyruzb in https://github.com/Ericsson/codechecker/pull/4188

:hammer: Other

  • Bump version to 6.24.0 by @vodorok in https://github.com/Ericsson/codechecker/pull/4126
  • Bump follow-redirects from 1.15.3 to 1.15.4 in /web/server/vue-cli by @dependabot in https://github.com/Ericsson/codechecker/pull/4151
  • Bump gitpython from 3.1.37 to 3.1.41 in /web by @dependabot in https://github.com/Ericsson/codechecker/pull/4150

New Contributors

  • @SirMutantRat made their first contribution in https://github.com/Ericsson/codechecker/pull/4140
  • @bo-dani made their first contribution in https://github.com/Ericsson/codechecker/pull/4141
  • @justindhillon made their first contribution in https://github.com/Ericsson/codechecker/pull/4159
  • @omahs made their first contribution in https://github.com/Ericsson/codechecker/pull/4173
  • @feyruzb made their first contribution in https://github.com/Ericsson/codechecker/pull/4188

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.23.1...v6.24.0-rc1

- Python
Published by dkrupp about 2 years ago

codechecker - v6.23.1

What's Changed

  • Release v6.23.1 by @bruntib in https://github.com/Ericsson/codechecker/pull/4135
  • [doc] Fix documentation URL in highlights page by @bruntib in https://github.com/Ericsson/codechecker/pull/4137
  • Fix remote server path resolution by @vodorok in https://github.com/Ericsson/codechecker/pull/4131
  • Fix debug logging in store by @vodorok in https://github.com/Ericsson/codechecker/pull/4134
  • [fix] Fixing OFF and UNAVAILABLE detectionStatus in the report sidebar by @cservakt in https://github.com/Ericsson/codechecker/pull/4127

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.23.0...v6.23.1

- Python
Published by bruntib over 2 years ago

codechecker - v6.23.0

:star2: Highlights

GCC Static Analyzer support

We are happy to announce that CodeChecker added native support for the GCC Static Analyzer! This analyzer checks code in the C family of languages, but its latest release at the time of writing is still best used only on C code. Despite it being a bit immature for C++, we did some internal surveys where the GCC Static Analyzer seemed to be promising.

We expect this analyzer to be slower than clang-tidy, but faster than the Clang Static Analyzer. You can enable it by adding --analyzers gcc to your CodeChecker check or CodeChecker analyze commands. For further configuration, check out the GCC Static Analyzer configuration page.

GNU GCC 13.0.0 (the minimum version we support) can be tricky to obtain and to get CodeChecker to use, as CodeChecker looks for the g++ binary, not g++-13. As a workaround, you can set the environment variable CC_ANALYZER_BIN, which makes CodeChecker use the given analyzer path (e.g. CC_ANALYZER_BIN="gcc:/usr/bin/g++-13"). You can use CodeChecker analyzers to check whether you have the correct binary configured.

You can enable gcc checkers by explicitly mentioning them at the analyze command e.g.

CodeChecker analyze -e gcc

gcc checkers are only added to the extreme profile. After evaluation, some checkers may be added to other profiles too.

In the same breath, we added partial support for the SARIF file format (as opposed to using plists) to report-converter, with greater support planned for future releases.

Review status config file

In previous CodeChecker versions, you could set the review status of a report using two methods: using in-source comments, or setting a review status rule in the GUI. The former sets the specific report's review status, the latter sets all matching reports' review status.

This release introduces a third way, a review status config file! One of the motivations behind this is that we wanted to have a way to set review statuses on reports in specific directories (which was not possible on the GUI). CodeChecker uses a YAML config file that can be set during analysis:

```yaml
$version: 1
rules:
  - filters:
      filepath: /path/to/project/test/*
      checker_name: core.DivideZero
    actions:
      review_status: intentional
      reason: Division by zero in test files is automatically intentional.

  - filters:
      filepath: /path/to/project/important/module/*
    actions:
      review_status: confirmed
      reason: All reports in this module should be investigated.

  - filters:
      filepath: "*/project/test/*"
    actions:
      review_status: suppress
      reason: If a filter starts with asterix, then it should be quoted due to YAML format.

  - filters:
      report_hash: b85851b34789e35c6acfa1a4aaf65382
    actions:
      review_status: false_positive
      reason: This report is false positive.
```

This is how you can use this config file for an analysis:

```bash
CodeChecker analyze compile_commands.json --review-status-config review_status.yaml -o reports
```

The config file allows for a great variety of ways to match a report and set its review status. For further details see this documentation.
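An added example, not CodeChecker's own code: a small audit that resolves the four rules from the config above against a few constructed reports and flags every report that gets closed by a rule filtering on path alone. The rules are embedded as Python data mirroring the YAML; shell-style glob matching via fnmatch, AND-ing of filters, first-match-wins ordering, the "unreviewed" default and the report field names are assumptions made for illustration.

```python
"""Audit which reports a review-status rule set would close automatically."""
from fnmatch import fnmatchcase

# Statuses this audit treats as "closed without a code fix" (assumption).
CLOSING = {"false_positive", "intentional", "suppress"}

# The four rules from the release notes, embedded as data instead of parsed YAML.
RULES = [
    {"filters": {"filepath": "/path/to/project/test/*",
                 "checker_name": "core.DivideZero"},
     "actions": {"review_status": "intentional"}},
    {"filters": {"filepath": "/path/to/project/important/module/*"},
     "actions": {"review_status": "confirmed"}},
    {"filters": {"filepath": "*/project/test/*"},
     "actions": {"review_status": "suppress"}},
    {"filters": {"report_hash": "b85851b34789e35c6acfa1a4aaf65382"},
     "actions": {"review_status": "false_positive"}},
]

# Constructed sample reports; only the last-but-one hash comes from the page.
REPORTS = [
    {"filepath": "/path/to/project/test/div.c",
     "checker_name": "core.DivideZero", "report_hash": "constructed-0001"},
    {"filepath": "/path/to/project/test/buf.c",
     "checker_name": "security.insecureAPI.strcpy", "report_hash": "constructed-0002"},
    {"filepath": "/path/to/project/important/module/auth.c",
     "checker_name": "core.NullDereference", "report_hash": "constructed-0003"},
    {"filepath": "/path/to/project/src/main.c",
     "checker_name": "deadcode.DeadStores",
     "report_hash": "b85851b34789e35c6acfa1a4aaf65382"},
    {"filepath": "/path/to/project/src/util.c",
     "checker_name": "core.DivideZero", "report_hash": "constructed-0005"},
]


def rule_matches(rule, report):
    """True when every filter in the rule matches the report (assumed AND)."""
    for key, expected in rule["filters"].items():
        actual = report.get(key, "")
        if key == "filepath":
            # Assumed glob semantics: '*' also spans directory separators.
            if not fnmatchcase(actual, expected):
                return False
        elif actual != expected:
            return False
    return True


def resolve(rules, report):
    """Return (review_status, rule_index) of the first matching rule."""
    for index, rule in enumerate(rules):
        if rule_matches(rule, report):
            return rule["actions"]["review_status"], index
    return "unreviewed", None


def audit(rules, reports):
    """List reports closed by a rule that pins neither a checker nor a hash."""
    findings = []
    for report in reports:
        status, index = resolve(rules, report)
        if index is None or status not in CLOSING:
            continue
        # A rule with only a path filter (or none) closes findings of any checker.
        if set(rules[index]["filters"]) <= {"filepath"}:
            findings.append(
                (report["filepath"], report["checker_name"], status, index))
    return findings


if __name__ == "__main__":
    for report in REPORTS:
        status, index = resolve(RULES, report)
        print(f"{report['filepath']}: {report['checker_name']} -> {status} (rule {index})")
    for path, checker, status, index in audit(RULES, REPORTS):
        print(f"REVIEW: rule {index} marks {checker} in {path} as {status} by path alone")
```

Running the same resolution over a real report export before committing a rule change shows which findings a broad path filter would take out of the outstanding set.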

Enable/disable status of checkers

In this release the unknown Checker status has been eliminated. CodeChecker will enable only those checkers that are either present in the default profile (see CodeChecker checkers --profile default) or enabled using the --enable argument (through another profile or explicitly through a checker name).

In previous CodeChecker versions, when you ran an analysis, we assigned three states to every checker: it's either enabled, disabled, or neither (unknown). We kept the third state around to give some leeway for the analyzers to decide which checkers to enable or disable, usually to manage their checker dependencies. We now see that this behavior can be (and usually is) confusing, partly because it's hard to tell which checkers were actually enabled.

You can list the checkers enabled by default using the CodeChecker checkers command:

```
CodeChecker 6.22.0 output:

CodeChecker checkers |grep clang-diagnostic-varargs -A7
clang-diagnostic-varargs
  --> Status: unknown <---
  Analyzer: clang-tidy
  Description:
  Labels:
    doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wvarargs
    severity:MEDIUM

=> CodeChecker 6.23.0 output:

CodeChecker checkers |grep clang-diagnostic-varargs -A7
clang-diagnostic-varargs
  ---> Status: disabled <---
  Analyzer: clang-tidy
  Description:
  Labels:
    doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wvarargs
    severity:MEDIUM
```

Major fixes to run/tag comparisons (diff)

Following a thorough survey, we identified numerous areas to improve on our run/tag comparisons. We landed several patches to improve the results of diffs both on the CLI and the web GUI (which should be almost always identical). Although this feature has the appearance of a simple set operation, diff is a powerful tool that can express a lot of properties on the state of your codebase, and has a few intricacies. For this reason, we also greatly improved our docs around it.

The issues are described in detail in this ticket: https://github.com/Ericsson/codechecker/issues/3884

One example is that if the suppression was removed for a finding, the diff did not show the reappearing result as new (in local/local diff):

```
// Code version 1:
void c() {
  int i = 0; // deadstore, this value is never read
  // codechecker_suppress [all] SUPPRESS ALL
  i = 5;
}

// Code version 2 (suppression removed):

void c() {
  int i = 0; // deadstore, this value is never read
  i = 5;
}

CodeChecker diff -b version1.c -n version2.c --new
Did not show the deadstore finding as new.
```

Web GUI improvements

1) We landed several patches to improve the readability and usability of the GUI, with more improvements to come in later releases! The currently selected event's visual highlight pops a little more now in the report view, and we no longer show unused columns in the run view.

In this image, you can see how much the selected event "pops" after this release, and also how other events' opacity was lowered a bit, which allows arrows to be seen through them.

image

2) In the report detail page, outstanding and closed issues are clearly organized into a left tree view. So it will be easier to see which report needs more attention (fixing or triaging).

image

Report limit for storing to the server

Especially in the case of clang-tidy, we have observed some unreasonable number of reports by certain checkers. In some instances, we saw hundreds of thousands (!) of reports reported by some individual checkers, and it's more than unlikely that anyone will inspect these reports individually (you probably got the message about using parentheses around macros after the first 15 000 reports).

We found that these checkers were usually enabled by mistake, and put unnecessary strain both on the storage of results to the server, and on the database once stored. Moving forward, CodeChecker servers will reject stores of runs that have more than 500 000 reports. This limit is a default value that you can change or even set to unlimited. Our intent is not to discourage legitimately huge stores, only those whose size is likely this large by mistake.

When creating a new product called My product at endpoint myproduct, you can set the report limit from the CLI with the following invocation:

```bash
CodeChecker cmd products add -n "My product" --report-limit 1000000 myproduct
```

For an already existing product, you can change the limit by clicking the pencil at the products page:

image image

:exclamation: Backward incompatible changes

  • [analyzer] Promote the missing analyzer warning to an error #3997
    • If analyzers are specified with --analyzers flag and one of them is missing, CodeChecker now emits an error.
    • Previously, the user could only specify the analyzers without version number e.g.: CodeChecker analyze compile_commands.json -o reports --analyzers clangsa
    • Now, you can also validate the analyzer's version number e.g.: CodeChecker analyze compile_commands.json -o reports --analyzers clangsa==14.0.0
    • In both cases, if a wrong analyzer was given, the system exit would trigger.

--all and --details were deprecated for CodeChecker analyzers

With the introduction of the GCC Static Analyzer, we think that the --all flag was more confusing than useful -- it's a reasonable assumption that any system will have a version of GCC available. The default behaviour prior to this release was to only list analyzers that were available for analysis: the binary was found, met the version criteria, and was functional. The --all flag listed all supported analyzers, even if they were not available. We changed the default behaviour to always list all supported checkers, and --all is ignored. We emit helpful warnings for analyzers that CodeChecker supports, but can't analyze with.

--details could be used to print additional version information of the binary, but we didn't feel like it provided any value above what the non-detailed query gave, and it was impossible to pretty print. After this release, this flag will also be ignored.

:bug: Analyzer improvements

  • Replaced the multiprocessing library with multiprocess. This resolved issues in multiprocess library usage on different platforms but mostly on OSX. Added in https://github.com/Ericsson/codechecker/pull/4076
  • Fixing a crash when CC_ANALYZERS_FROM_PATH env variable is set in https://github.com/Ericsson/codechecker/pull/4084
  • Corrected a bug about the --enable-all flag not disabling specific warnings in #4080 by @bruntib
  • Fixed non-determinism in the appearance of clang-tidy checkers.
  • Prevented duplicate addition of extra arguments in cppcheck.
  • Resolved an issue with the AnalyzerContext lazy initialization.
  • [fix] Recognize -pthread for gcc compile commands https://github.com/Ericsson/codechecker/pull/3969
  • [bugfix] Allow the disabling of statisticsbased checkers https://github.com/Ericsson/codechecker/pull/3972
  • [bugfix] Include platform to ldlogger.so path https://github.com/Ericsson/codechecker/pull/3976
  • [analyzer] Ignore another unknown gcc options https://github.com/Ericsson/codechecker/pull/4028
  • [report-converter] Support sarif format and Gcc analyzer https://github.com/Ericsson/codechecker/pull/4011
  • Gcc analyzer native support https://github.com/Ericsson/codechecker/pull/4030
  • [clang-tidy] Fix Clang tidy checker option output https://github.com/Ericsson/codechecker/pull/4050
  • [analyzer] Add support the CC_ANALYZER_BIN env var https://github.com/Ericsson/codechecker/pull/4057

:computer: CLI/Server improvements

  • [fix] An error was fixed when loading the report in the report view that caused the review status dropdown menu's value to fail to update when switching to a report with a different status. Fixed in https://github.com/Ericsson/codechecker/pull/4082 by @cservakt
  • Eliminate "unknown" checker state https://github.com/Ericsson/codechecker/pull/3949
  • [bugfix] Don't trigger analyzer without enabled checkers https://github.com/Ericsson/codechecker/pull/3970
  • [fix] Refine when a report is regarded as outstanding for tags https://github.com/Ericsson/codechecker/pull/3995
  • [cmd] Fix FP annotations in the case of local-remote diffs https://github.com/Ericsson/codechecker/pull/3956
  • [diff] Fix a CLI remote-remote bug where we checked the detection status https://github.com/Ericsson/codechecker/pull/3996
  • [cmd][diff] Ignore detection status for tags https://github.com/Ericsson/codechecker/pull/4013
  • [gui] Update run filter when setting the filter options https://github.com/Ericsson/codechecker/pull/3963
  • replace os.uname() with platform.uname() for Windows support https://github.com/Ericsson/codechecker/pull/4012
  • [feat] Introduce review status config file https://github.com/Ericsson/codechecker/pull/4054
  • [fix][clang-tidy] Fix env var replace for extra args https://github.com/Ericsson/codechecker/pull/4033
  • [enhancement] --cppcheckargs flag was missing https://github.com/Ericsson/codechecker/pull/3978
  • feat(store): Explicitly time the client out if the connection hung https://github.com/Ericsson/codechecker/pull/4039
  • [server] Rate limit based on report count https://github.com/Ericsson/codechecker/pull/3843
  • [analyzers] Deprecate --all and --details for analyzers https://github.com/Ericsson/codechecker/pull/4056
  • Parse file speed up https://github.com/Ericsson/codechecker/pull/4000

:deciduous_tree: Environment

  • [req] Upgrade PyYAML to 6.0.1 https://github.com/Ericsson/codechecker/pull/3961
  • [test] Fix package test https://github.com/Ericsson/codechecker/pull/3965
  • [check actions] setting GITHUB_TOKEN permissions to read https://github.com/Ericsson/codechecker/pull/3983
  • Create SECURITY.md https://github.com/Ericsson/codechecker/pull/3990
  • [db] Eliminating duplicate key constraint violations https://github.com/Ericsson/codechecker/pull/3712
  • Bump gitpython from 3.1.30 to 3.1.32 in /web https://github.com/Ericsson/codechecker/pull/3987
  • Bump gitpython from 3.1.30 to 3.1.32 in /web/requirements_py/dev https://github.com/Ericsson/codechecker/pull/3985
  • Bump cryptography from 3.3.2 to 41.0.3 in /web/requirements_py/dev https://github.com/Ericsson/codechecker/pull/3986
  • Bump minimist from 1.2.5 to 1.2.8 in /web/server/vue-cli https://github.com/Ericsson/codechecker/pull/3993
  • Bump word-wrap from 1.2.3 to 1.2.5 in /web/server/vue-cli https://github.com/Ericsson/codechecker/pull/3988
  • Bump webpack from 5.66.0 to 5.76.0 in /web/server/vue-cli https://github.com/Ericsson/codechecker/pull/3991
  • Bump json5 from 1.0.1 to 1.0.2 in /web/server/vue-cli https://github.com/Ericsson/codechecker/pull/3992
  • Bump qs from 6.5.2 to 6.5.3 in /web/server/vue-cli https://github.com/Ericsson/codechecker/pull/3998
  • Bump loader-utils from 1.2.3 to 1.4.2 in /web/server/vue-cli https://github.com/Ericsson/codechecker/pull/3999
  • Bump gitpython from 3.1.32 to 3.1.34 in /web/requirements_py/dev https://github.com/Ericsson/codechecker/pull/4005
  • Bump gitpython from 3.1.32 to 3.1.34 in /web https://github.com/Ericsson/codechecker/pull/4004
  • Bump cryptography from 41.0.3 to 41.0.4 in /web/requirements_py/dev https://github.com/Ericsson/codechecker/pull/4015
  • Bump gitpython from 3.1.34 to 3.1.35 in /web https://github.com/Ericsson/codechecker/pull/4016
  • Bump gitpython from 3.1.34 to 3.1.35 in /web/requirements_py/dev https://github.com/Ericsson/codechecker/pull/4017

:book: Documentation updates

  • The issue with building ReadTheDocs has been rectified. You can view the latest docs here: https://codechecker.readthedocs.io/en/latest/ In addition, we have implemented modifications to the PyPI action for more reliable package publishing by @vodorok
  • Add more checks from clang-tidy https://github.com/Ericsson/codechecker/pull/3959
  • [config] Add some checkers to "default" profile https://github.com/Ericsson/codechecker/pull/3971
  • Document new clang-tidy checkers https://github.com/Ericsson/codechecker/pull/4024
  • chore(config): Add labels for new checks of Clang SA & Tidy https://github.com/Ericsson/codechecker/pull/4051
  • fix typo: 'hte' to 'the' https://github.com/Ericsson/codechecker/pull/3960

:hammer: Other

  • [docs] Leave a better TODO for gcc docs by @Szelethus in https://github.com/Ericsson/codechecker/pull/4069
  • chore(store): Give a name to the timeout watchdog thread by @whisperity in https://github.com/Ericsson/codechecker/pull/407
  • Bump @babel/traverse from 7.16.8 to 7.23.2 in /web/server/vue-cli by @dependabot in https://github.com/Ericsson/codechecker/pull/4043
  • Bump gitpython from 3.1.35 to 3.1.37 in /web/requirements_py/dev by @dependabot in https://github.com/Ericsson/codechecker/pull/4038
  • Bump gitpython from 3.1.35 to 3.1.37 in /web by @dependabot in https://github.com/Ericsson/codechecker/pull/4037
  • [version] Bump up to version 6.23.0 https://github.com/Ericsson/codechecker/pull/3893
  • [logger] + add missing header fcntl.h https://github.com/Ericsson/codechecker/pull/3958
  • [GUI] Change the selected bubble's brightness https://github.com/Ericsson/codechecker/pull/3981
  • [test] Add several more cmdline tests for tag diffs https://github.com/Ericsson/codechecker/pull/3979
  • [bugfix] Make None assignments to be initializations, not overwrites https://github.com/Ericsson/codechecker/pull/4001
  • [GUI] Jump directly to documentation url without error modal https://github.com/Ericsson/codechecker/pull/3974
  • [GUI] Unnecessary reports columns https://github.com/Ericsson/codechecker/pull/4014
  • [gui] Retain filter configuration between reports and statistics views https://github.com/Ericsson/codechecker/pull/4058
  • [fix] Fix commentCount related error in gui https://github.com/Ericsson/codechecker/pull/4034
  • Making an analyze and parse testcase checker set independent https://github.com/Ericsson/codechecker/pull/4045
  • Fix typo in log https://github.com/Ericsson/codechecker/pull/4023

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.22.2...v6.23.0

- Python
Published by cservakt over 2 years ago

codechecker - 6.23.0-rc2

The following changes and fixes were made since v6.23.0-rc1

GCC Static Analyzer Related Changes:

Fixed the SARIF file location according to the GCC documentation. Changed GCC's output format to sarif-stderr. Temporarily ignored compiler warnings in GCC.

:bug: Analyzer Improvements:

Replaced the multiprocessing library with multiprocess. This resolved issues in multiprocess library usage on different platforms but mostly on OSX. Added in https://github.com/Ericsson/codechecker/pull/4076

Fixing a crash when CC_ANALYZERS_FROM_PATH env variable is set in https://github.com/Ericsson/codechecker/pull/4084

Corrected a bug about the --enable-all flag not disabling specific warnings. Fixed non-determinism in the appearance of clang-tidy checkers. Prevented duplicate addition of extra arguments in cppcheck. Resolved an issue with the AnalyzerContext lazy initialization.

:computer: Server/GUI Updates:

An error was fixed when loading the report in the report view that caused the review status dropdown menu's value to fail to update when switching to a report with a different status. Fixed in https://github.com/Ericsson/codechecker/pull/4082

CI Configuration

The issue with building ReadTheDocs has been rectified. You can view the latest docs here: https://codechecker.readthedocs.io/en/latest/ In addition, we have implemented modifications to the PyPI action for more reliable package publishing.

:hammer: Other:

  • [docs] Leave a better TODO for gcc docs by @Szelethus in https://github.com/Ericsson/codechecker/pull/4069
  • chore(store): Give a name to the timeout watchdog thread by @whisperity in https://github.com/Ericsson/codechecker/pull/407
  • Bump @babel/traverse from 7.16.8 to 7.23.2 in /web/server/vue-cli by @dependabot in https://github.com/Ericsson/codechecker/pull/4043
  • Bump gitpython from 3.1.35 to 3.1.37 in /web/requirements_py/dev by @dependabot in https://github.com/Ericsson/codechecker/pull/4038
  • Bump gitpython from 3.1.35 to 3.1.37 in /web by @dependabot in https://github.com/Ericsson/codechecker/pull/4037

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.23.0-rc1...v6.23.0-rc2

- Python
Published by vodorok over 2 years ago

codechecker - v6.23.0-rc1

:star2: Highlights

GCC Static Analyzer support

We are happy to announce that CodeChecker added native support for the GCC Static Analyzer! This analyzer checks code in the C family of languages, but its latest release at the time of writing is still best used only on C code. Despite it being a bit immature for C++, we did some internal surveys where the GCC Static Analyzer seemed to be promising.

We expect this analyzer to be slower than clang-tidy, but faster than the Clang Static Analyzer. You can enable it by adding --analyzers gcc to your CodeChecker check or CodeChecker analyze commands. For further configuration, check out the GCC Static Analyzer configuration page.

GNU GCC 13.0.0 (the minimum version we support) can be tricky to obtain and to get CodeChecker to use, as CodeChecker looks for the g++ binary, not g++-13. As a workaround, you can set the environment variable CC_ANALYZER_BIN, which makes CodeChecker use the given analyzer path (e.g. CC_ANALYZER_BIN="gcc:/usr/bin/g++-13"). You can use CodeChecker analyzers to check whether you have the correct binary configured.

You can enable gcc checkers by explicitly mentioning them at the analyze command e.g.

CodeChecker analyze -e gcc

gcc checkers are only added to the extreme profile. After evaluation, some checkers may be added to other profiles too.

In the same breath, we added partial support for the SARIF file format (as opposed to using plists) to report-converter, with greater support planned for future releases.

Review status config file

In previous CodeChecker versions, you could set the review status of a report using two methods: using in-source comments, or setting a review status rule in the GUI. The former sets the specific report's review status, the latter sets all matching reports' review status.

This release introduces a third way, a review status config file! One of the motivations behind this is that we wanted to have a way to set review statuses on reports in specific directories (which was not possible on the GUI). CodeChecker uses a YAML config file that can be set during analysis:

```yaml
# review_status.yaml

- filepath_filter: /path/to/project/test/*
  checker_filter: core.DivideZero
  message: Division by zero in test files is automatically intentional.
  review_status: intentional
- filepath_filter: /path/to/project/important/module/*
  message: All reports in this module should be investigated.
  review_status: confirmed
- filepath_filter: "*/project/test/*"
  message: If a filter starts with asterix, then it should be quoted due to YAML format.
  review_status: suppress
- report_hash_filter: b85851b34789e35c6acfa1a4aaf65382
  message: This report is false positive.
  review_status: false_positive
```

This is how you can use this config file for an analysis:

```bash
CodeChecker analyze compile_commands.json --review-status-config review_status.yaml -o reports
```

The config file allows for a great variety of ways to match a report and set its review status. For further details see this documentation.

Enable/disable status of checkers

In previous CodeChecker versions, when you ran an analysis, we assigned three states to every checker: it's either enabled, disabled, or neither (unknown). We kept the third state around to give some leeway for the analyzers to decide which checkers to enable or disable, usually to manage their checker dependencies. We now see that this behavior can be (and usually is) confusing, partly because it's hard to tell which checkers were actually enabled. In this release the unknown status has been eliminated, and we deal with dependencies using other means. Moving on, CodeChecker will enable only those checkers that are either present in the default profile (see CodeChecker checkers --profile default) or enabled using the --enable argument.

Major fixes to run/tag comparisons (diff)

Following a thorough survey, we identified numerous areas to improve on our run/tag comparisons. We landed several patches to improve the results of diffs both on the CLI and the web GUI (which should be almost always identical). Although this feature has the appearance of a simple set operation, diff is a powerful tool that can express a lot of properties on the state of your codebase, and has a few intricacies. For this reason, we also greatly improved our docs around it.

Web GUI improvements

We landed several patches to improve the readability and usability of the GUI, with more improvements to come in later releases! The currently selected event's visual highlight pops a little more now in the report view, and we no longer show unused columns in the run view.

In this image, you can see how much the selected event "pops" after this release, and also how other events' opacity was lowered a bit, which allows arrows to be seen through them.

image

Report limit for storing to the server

Especially in the case of clang-tidy, we have observed some unreasonable number of reports by certain checkers. In some instances, we saw hundreds of thousands (!) of reports reported by some individual checkers, and it's more than unlikely that anyone will inspect these reports individually (you probably got the message about using parentheses around macros after the first 15 000 reports).

We found that these checkers were usually enabled by mistake, and put unnecessary strain both on the storage of results to the server, and on the database once stored. Moving forward, CodeChecker servers will reject stores of runs that have more than 500 000 reports. This limit is a default value that you can change or even set to unlimited. Our intent is not to discourage legitimately huge stores, only those whose size is likely this large by mistake.

When creating a new product called My product at endpoint myproduct, you can set the report limit from the CLI with the following invocation:

```bash
CodeChecker cmd products add -n "My product" --report-limit 1000000 myproduct
```

For an already existing product, you can change the limit by clicking the pencil at the products page:

image image

:exclamation: Backward incompatible changes

Clang warnings must be referred to as clang-diagnostic-<warning-name> (instead of W<warning-name>)

After analysis, reports from clang compiler warnings (well before this release) were attributed to clang-diagnostic-<warning-name> instead of -W<warning-name> that is usually given to the compiler to enable <warning-name>. We did this so that warnings from different compilers could be differentiated. However, you could only enable <warning-name> as a checker by referencing it as W<warning-name>. In this release, we fixed this inconsistency.

Moving forward, you can enable a clang warning with the following syntax: CodeChecker analyze -e clang-diagnostic-deprecated-copy instead of CodeChecker analyze -e Wdeprecated-copy, which is no longer supported. You can list all clang-diagnostics with the CodeChecker checkers command.

--all and --details were deprecated for CodeChecker analyzers

With the introduction of the GCC Static Analyzer, we think that the --all flag was more confusing than useful -- it's a reasonable assumption that any system will have a version of GCC available. The default behaviour prior to this release was to only list analyzers that were available for analysis: the binary was found, met the version criteria, and was functional. The --all flag listed all supported analyzers, even if they were not available. We changed the default behaviour to always list all supported checkers, and --all is ignored. We emit helpful warnings for analyzers that CodeChecker supports, but can't analyze with.

--details could be used to print additional version information of the binary, but we didn't feel like it provided any value above what the non-detailed query gave, and it was impossible to pretty print. After this release, this flag will also be ignored.

:bug: Analyzer improvements

  • [fix] Recognize -pthread for gcc compile commands https://github.com/Ericsson/codechecker/pull/3969
  • [bugfix] Allow the disabling of statisticsbased checkers https://github.com/Ericsson/codechecker/pull/3972
  • [bugfix] Include platform to ldlogger.so path https://github.com/Ericsson/codechecker/pull/3976
  • [analyzer] Ignore another unknown gcc options https://github.com/Ericsson/codechecker/pull/4028
  • [report-converter] Support sarif format and Gcc analyzer https://github.com/Ericsson/codechecker/pull/4011
  • Gcc analyzer native support https://github.com/Ericsson/codechecker/pull/4030
  • [clang-tidy] Fix Clang tidy checker option output https://github.com/Ericsson/codechecker/pull/4050
  • [analyzer] Add support the CC_ANALYZER_BIN env var https://github.com/Ericsson/codechecker/pull/4057

:computer: CLI/Server improvements

  • Eliminate "unknown" checker state https://github.com/Ericsson/codechecker/pull/3949
  • [bugfix] Don't trigger analyzer without enabled checkers https://github.com/Ericsson/codechecker/pull/3970
  • [fix] Refine when a report is regarded as outstanding for tags https://github.com/Ericsson/codechecker/pull/3995
  • [cmd] Fix FP annotations in the case of local-remote diffs https://github.com/Ericsson/codechecker/pull/3956
  • [diff] Fix a CLI remote-remote bug where we checked the detection status https://github.com/Ericsson/codechecker/pull/3996
  • [cmd][diff] Ignore detection status for tags https://github.com/Ericsson/codechecker/pull/4013
  • [gui] Update run filter when setting the filter options https://github.com/Ericsson/codechecker/pull/3963
  • replace os.uname() with platform.uname() for Windows support https://github.com/Ericsson/codechecker/pull/4012
  • [feat] Introduce review status config file https://github.com/Ericsson/codechecker/pull/4054
  • [fix][clang-tidy] Fix env var replace for extra args https://github.com/Ericsson/codechecker/pull/4033
  • [enhancement] --cppcheckargs flag was missing https://github.com/Ericsson/codechecker/pull/3978
  • feat(store): Explicitly time the client out if the connection hung https://github.com/Ericsson/codechecker/pull/4039
  • [server] Rate limit based on report count https://github.com/Ericsson/codechecker/pull/3843
  • [analyzers] Deprecate --all and --details for analyzers https://github.com/Ericsson/codechecker/pull/4056
  • Parse file speed up https://github.com/Ericsson/codechecker/pull/4000

:deciduous_tree: Environment

  • [req] Upgrade PyYAML to 6.0.1 https://github.com/Ericsson/codechecker/pull/3961
  • [test] Fix package test https://github.com/Ericsson/codechecker/pull/3965
  • [check actions] setting GITHUB_TOKEN permissions to read https://github.com/Ericsson/codechecker/pull/3983
  • Create SECURITY.md https://github.com/Ericsson/codechecker/pull/3990
  • [db] Eliminating duplicate key constraint violations https://github.com/Ericsson/codechecker/pull/3712
  • Bump gitpython from 3.1.30 to 3.1.32 in /web https://github.com/Ericsson/codechecker/pull/3987
  • Bump gitpython from 3.1.30 to 3.1.32 in /web/requirements_py/dev https://github.com/Ericsson/codechecker/pull/3985
  • Bump cryptography from 3.3.2 to 41.0.3 in /web/requirements_py/dev https://github.com/Ericsson/codechecker/pull/3986
  • Bump minimist from 1.2.5 to 1.2.8 in /web/server/vue-cli https://github.com/Ericsson/codechecker/pull/3993
  • Bump word-wrap from 1.2.3 to 1.2.5 in /web/server/vue-cli https://github.com/Ericsson/codechecker/pull/3988
  • Bump webpack from 5.66.0 to 5.76.0 in /web/server/vue-cli https://github.com/Ericsson/codechecker/pull/3991
  • Bump json5 from 1.0.1 to 1.0.2 in /web/server/vue-cli https://github.com/Ericsson/codechecker/pull/3992
  • Bump qs from 6.5.2 to 6.5.3 in /web/server/vue-cli https://github.com/Ericsson/codechecker/pull/3998
  • Bump loader-utils from 1.2.3 to 1.4.2 in /web/server/vue-cli https://github.com/Ericsson/codechecker/pull/3999
  • Bump gitpython from 3.1.32 to 3.1.34 in /web/requirements_py/dev https://github.com/Ericsson/codechecker/pull/4005
  • Bump gitpython from 3.1.32 to 3.1.34 in /web https://github.com/Ericsson/codechecker/pull/4004
  • Bump cryptography from 41.0.3 to 41.0.4 in /web/requirements_py/dev https://github.com/Ericsson/codechecker/pull/4015
  • Bump gitpython from 3.1.34 to 3.1.35 in /web https://github.com/Ericsson/codechecker/pull/4016
  • Bump gitpython from 3.1.34 to 3.1.35 in /web/requirements_py/dev https://github.com/Ericsson/codechecker/pull/4017

:book: Documentation updates

  • Add more checks from clang-tidy https://github.com/Ericsson/codechecker/pull/3959
  • [config] Add some checkers to "default" profile https://github.com/Ericsson/codechecker/pull/3971
  • Document new clang-tidy checkers https://github.com/Ericsson/codechecker/pull/4024
  • chore(config): Add labels for new checks of Clang SA & Tidy https://github.com/Ericsson/codechecker/pull/4051
  • fix typo: 'hte' to 'the' https://github.com/Ericsson/codechecker/pull/3960

:hammer: Other

  • [version] Bump up to version 6.23.0 https://github.com/Ericsson/codechecker/pull/3893
  • [logger] + add missing header fcntl.h https://github.com/Ericsson/codechecker/pull/3958
  • [GUI] Change the selected bubble's brightness https://github.com/Ericsson/codechecker/pull/3981
  • [test] Add several more cmdline tests for tag diffs https://github.com/Ericsson/codechecker/pull/3979
  • [bugfix] Make None assignments to be initializations, not overwrites https://github.com/Ericsson/codechecker/pull/4001
  • [GUI] Jump directly to documentation url without error modal https://github.com/Ericsson/codechecker/pull/3974
  • [GUI] Unnecessary reports columns https://github.com/Ericsson/codechecker/pull/4014
  • [gui] Retain filter configuration between reports and statistics views https://github.com/Ericsson/codechecker/pull/4058
  • [fix] Fix commentCount related error in gui https://github.com/Ericsson/codechecker/pull/4034
  • Making an analyze and parse testcase checker set independent https://github.com/Ericsson/codechecker/pull/4045
  • Fix typo in log https://github.com/Ericsson/codechecker/pull/4023

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.22.2...v6.23.0-rc1

- Python
Published by bruntib over 2 years ago

codechecker - v6.22.2

:star2: Highlights

Support for Ubuntu 22.04

CodeChecker failed to build on Ubuntu 22.04 in its previous release because of two issues: some of our dependencies broke with the release of python3.9, and we didn't support GNU Make's new way of creating build jobs. These issues are all fixed now, so CodeChecker should work with the latest version of python and GNU Make!

:bug: Analyzer improvements

  • Ignore some gcc flags (-fno-lifetime-dse #3913, -Wno-error, -fprofile #3937, #3941)
    • We do these kinds of patches regularly when a gcc flag is not supported by our main analyzer, clang.
  • Disable cppcheck-preprocessorErrorDirective explicitly #3902
    • The Cppcheck analyzer reports compilation errors due to the less granular configuration of the build environment. This results in too many false-positive reports, so this checker is disabled by default.
  • Fix exception in Spotbugs report-converter (report-converter crashed when SourceLine has no source_path attribute) #3917
  • Fix crash when an assembler command is analyzed #3914
  • Logger-related changes
    • Recognize and capture linux_spawn alongside exec* calls in the logger #3930
    • Use absolute path to logger.so in LD_PRELOAD #3919
    • CodeChecker logger is using the LD_PRELOAD environment variable where ldlogger.so was set with a relative path. Due to the relative path LD_LIBRARY_PATH has to be set too. However, this latter environment variable is overridden by the build systems many times. So CodeChecker uses an absolute path in LD_PRELOAD and eliminates the usage of LD_LIBRARY_PATH.
  • Adapt to new clang-tidy checker options format. #3934
  • Enable multiple inputs for report-converter #3897
  • Introduce sanitizer checker names #3904
  • Exclude dynamic parts of checker message in hash generation #3927
  • Analysis shouldn't fail on non-existing directory #3943
  • report-converter: Parse all leaks reported by LeakSanitizer #3750

:computer: CLI/Server improvements

  • [fix][server] Fix webapp crash when using component filter #3887
  • [bugfix] Fix the zombie process issue #3895
  • 6.22.1 highlights #3888
  • [GUI] Add a tooltip about Diff #3890
  • [cmd] Warning message on no run delete. #3915
  • [GUI] Pop the call stack when the message starts with "Returning;" #3948
  • Fix local local diff src code suppression #3944

:deciduous_tree: Environment

  • [test] Get rid of mockldap #3894
  • [req] Upgrade lxml to 4.9.2 #3896
  • [fix] One more attempt to fix gui tests #3911
  • Bump GitPython version #3841
  • [ci] Remove pypi actions from pullrequest and push events. #3912
  • Update Snapstore publish action #3891
  • [fix] Fix newly surfaced gui test error during cleanup plan testing #3920
  • [test][NFC] Change from nose to pytest (analyzer library) #3926
  • [test][NFC] Change from nose to pytest (tools library) #3931
  • [test][NFC] Change from nose to pytest (web library) #3932
  • [test][NFC] Remove every remaining trace of nose in favor of pytest #3933
  • [env] Upgrade PyYAML to version 6.0 #3942
  • [test] Allow additional pytest args to be given through make targets #3935

:book: Documentation updates

  • [config] Additional clang-diagnostic documentations #3922

:hammer: Other

  • [doc] Make every second release highlight green #3882
  • [version] Bump up to version 6.23.0 #3893
  • Makefile: packagegerritskiplist should depend on packagedirstructure #3901
  • [NFC] Factor args out of the diff logic for unit tests #3863
  • [refactor] Reducing analyzer config handler #3824
  • [test] Add missing tests for cmdline diffing, and display a bug for tag diffs #3868
  • Error message: Add a missing space #3953
  • Fix a Pylint false positive with python3.9 or later #3925

Full Changelog: https://github.com/Ericsson/codechecker/compare/v6.22.0...v6.22.2

- Python
Published by bruntib almost 3 years ago

codechecker - v6.22.1

:star2: Highlights

[fix][server] Fix webapp crash when using component filter

CodeChecker webapp was crashing when using the component filter, which has been fixed in this release. #3887

[doc] Make every second release highlight green #3882

- Python
Published by vodorok about 3 years ago

codechecker - v6.22.0

:star2: Highlights

Further enhancements to speed up the store procedure

After another round of optimizations, CodeChecker store is ~2 times faster than in v6.21.0. Combined with the previous release, storing may be as much as 4 times faster than v6.20.0, with larger result directories seeing a greater degree of improvement.

This should allow those that use CodeChecker in CI loops to see fewer timeouts due to long storages, or lower timeout thresholds significantly.

Multiroot analysis

CodeChecker now supports an analysis mode where for each source file, it tries to find the closest compile_commands.json file up in the directory hierarchy starting from the source file.

If your project is structured such that multiple folders act as their own root folder (hence the name multiroot), CodeChecker should be able to support that out of the box. clangd and clang-tidy already work this way: https://clangd.llvm.org/installation.html#compile_commandsjson

This feature also affects the CodeChecker Visual Studio Code plugin, where analysis will be done on multiroot projects as well (Ericsson/CodecheckerVSCodePlugin#113).

Previously the input of analysis must have been a compilation database JSON file. This PR supports the following new CodeChecker analyze invocations, as long as a corresponding compilation database file is found:

```
# Analyze a single file.
CodeChecker analyze analyze.cpp -o reports

# Analyze all source files under a directory.
CodeChecker analyze my_project -o reports
```

Support report annotations and add dynamic analyzer related annotations

CodeChecker is now able to parse additional fields from plist files especially relevant to dynamic analyses. https://github.com/Ericsson/codechecker/blob/master/docs/analyzer/user_guide.md#dynamic-analysis-results

```
<dict>
  <key>diagnostics</key>
  <array>
    <dict>
      <key>category</key>
      <string>unknown</string>
      <key>check_name</key>
      <string>UndefinedBehaviorSanitizer</string>
      <key>report-annotation</key>
      <dict>
        <key>testcase</key>
        <string>yhegalkoei</string>
        <key>timestamp</key>
        <string>1970-04-26T17:27:55</string>
      </dict>
      <key>path</key>
      <array>
        ...
      </array>
    </dict>
  </array>
</dict>
```


Unlike for static analyzers, the time of the detection can be a crucial piece of information, as a report may be a result of another preceding report. Users that record the timestamp of the detection and store it in CodeChecker under the new 'Timestamp' field will be able to sort reports by it. CodeChecker now also supports the 'Testsuite' field.

You can read more about this feature in its PR #3849, and the relevant docs PR #3871.
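As an added illustration (not CodeChecker's own code), the sketch below reads the `report-annotation` dictionary from a plist report file and orders sanitizer findings by detection time, so the earliest finding in each test case can be triaged first. The sample plist is constructed, the function names are hypothetical, and the key names `report-annotation`, `testcase` and `timestamp` are taken from the snippet above; timestamps are assumed to be ISO-8601 strings without mixed time zones.

```python
from __future__ import annotations

import plistlib
from datetime import datetime

# Constructed sample input: four diagnostics, one without any annotation
# and one with a timestamp that cannot be parsed.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>diagnostics</key>
  <array>
    <dict>
      <key>check_name</key><string>UndefinedBehaviorSanitizer</string>
      <key>report-annotation</key>
      <dict>
        <key>testcase</key><string>tc-1</string>
        <key>timestamp</key><string>1970-04-26T17:27:55</string>
      </dict>
    </dict>
    <dict>
      <key>check_name</key><string>AddressSanitizer</string>
      <key>report-annotation</key>
      <dict>
        <key>testcase</key><string>tc-1</string>
        <key>timestamp</key><string>1970-04-26 17:27:50</string>
      </dict>
    </dict>
    <dict>
      <key>check_name</key><string>LeakSanitizer</string>
    </dict>
    <dict>
      <key>check_name</key><string>UndefinedBehaviorSanitizer</string>
      <key>report-annotation</key>
      <dict>
        <key>testcase</key><string>tc-2</string>
        <key>timestamp</key><string>yesterday</string>
      </dict>
    </dict>
  </array>
</dict>
</plist>
"""


def parse_timestamp(raw) -> datetime | None:
    """Return a datetime for an ISO-8601 string, or None if absent/malformed."""
    if not isinstance(raw, str):
        return None
    try:
        return datetime.fromisoformat(raw)
    except ValueError:
        return None


def load_annotated_reports(data: bytes) -> list[dict]:
    """Extract check name, test case and detection time from each diagnostic."""
    doc = plistlib.loads(data)
    reports = []
    for diag in doc.get("diagnostics", []):
        annotation = diag.get("report-annotation") or {}
        reports.append({
            "check_name": diag.get("check_name", "<unknown>"),
            "testcase": annotation.get("testcase"),
            "timestamp": parse_timestamp(annotation.get("timestamp")),
        })
    return reports


def sort_by_detection_time(reports: list[dict]) -> list[dict]:
    """Chronological order; reports without a usable timestamp go last."""
    return sorted(
        reports,
        key=lambda r: (r["timestamp"] is None, r["timestamp"] or datetime.min),
    )


def first_detection_per_testcase(reports: list[dict]) -> dict[str, str]:
    """Map each test case to the checker that fired first in it."""
    first: dict[str, str] = {}
    for report in sort_by_detection_time(reports):
        if report["timestamp"] is None or report["testcase"] is None:
            continue
        first.setdefault(report["testcase"], report["check_name"])
    return first


if __name__ == "__main__":
    for r in sort_by_detection_time(load_annotated_reports(SAMPLE_PLIST)):
        print(r["timestamp"], r["testcase"], r["check_name"])
    print(first_detection_per_testcase(load_annotated_reports(SAMPLE_PLIST)))
```

Reports with a missing or unparsable timestamp are kept and sorted last rather than dropped, so an incomplete annotation does not hide a finding.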

:exclamation: Backward incompatible changes

  • [cmd] Remove some deprecated flags. #3823
    • CodeChecker checkers --only-enabled: DEPRECATED. Show only the enabled checkers. Use CodeChecker checkers --details to list the checker status (enabled/disabled).
    • CodeChecker checkers --only-disabled: Use CodeChecker checkers --details to list the checker status.
    • CodeChecker cmd diff -s, --suppressed: DEPRECATED. Lists the suppressed reports. Use the --review-status [REVIEW_STATUS [REVIEW_STATUS ...]] flag to filter the results.
    • CodeChecker cmd diff --filter FILTER: DEPRECATED. Filter diff results. Use the --review-status [REVIEW_STATUS [REVIEW_STATUS ...]] flag to filter the results.
    • CodeChecker cmd sum --disable-unique: DEPRECATED. Use the '--uniqueing' option to get uniqueing results.
  • [cmd] Remove the CodeChecker analyzer --tidy-config flag #3822
    • CodeChecker analyze [--tidy-config TIDY_CONFIG]: DEPRECATED and removed. Use CodeChecker analyzers --analyzer-config clang-tidy to list the analyzer options. Use e.g. CodeChecker analyze --analyzer-config clang-tidy:WarningsAsErrors=true to set a parameter. Alternatively, you can use .clang-tidy config files too.
  • [analyzer] Promote the missing checker warning to an error #3820
    • If a checker name given to --enable/--disable is not recognized (usually because of a typo) by any of the analyzers, CodeChecker now emits an error. While we strongly advise you against it, you can demote this error to a warning, restoring the behaviour similar to previous releases, with the flag --no-missing-checker-error (#3866).

:bug: Analyzer improvements

  • ignore -fno-keep-inline-dllexport gcc option #3813
  • Fix error using Clang option '-stdlib=libc++' #3808
  • [fix] Fix a condition about checkers being compiler warnings #3838
  • [analyzer] Promote the missing checker warning to an error #3820
  • [fix] Pass arch flag correctly #3854
  • [fix] Treat clang-diagnostic-* checkers as compiler flags #3874
  • Forward --driver-mode compiler flag to the analyzer #3867

:repeat: Profile changes

  • bugprone-standalone-empty: default, extreme, sensitive
  • bugprone-unsafe-functions: extreme, security, sensitive
  • cert-msc24-c: alias of bugprone-unsafe-functions
  • cert-msc33-c: alias of bugprone-unsafe-functions
  • cppcoreguidelines-avoid-capture-default-when-capturing-this: extreme, sensitive
  • cppcoreguidelines-avoid-capturing-lambda-coroutines: default, extreme, sensitive
  • cppcoreguidelines-avoid-reference-coroutine-parameters: default, extreme, sensitive
  • cppcoreguidelines-rvalue-reference-param-not-moved: extreme, sensitive
  • llvmlibc-inline-function-decl: style
  • misc-use-anonymous-namespace: default, extreme, sensitive
  • Document the new checker misc-use-anonymous-namespace #3803
  • [cfg] Assign new check profiles for 6.22RC1 #3861

:computer: CLI/Server improvements

  • Further enhancements to speed up the store procedure #3796
  • Multiroot analysis #3815 CodeChecker now supports an analysis mode where for each source file, it tries to find the closest compile_commands.json file up in the directory hierarchy starting from the source file. clangd and clang-tidy work this way: https://clangd.llvm.org/installation.html This feature also allows the analysis of multi-root projects in the vscode plugin (Ericsson/CodecheckerVSCodePlugin#113). Previously the input of analysis was a compilation database JSON file. This PR supports the following analysis invocations:

    ```
    # Analyze one source file.
    CodeChecker analyze main.c -o reports

    # Analyze all source files under a directory.
    CodeChecker analyze my_project -o reports
    ```

  • Support report annotations and add dynamic analyzer related annotations #3849
  • Required format for --checker-config #3817 "CodeChecker analyze" command has a --checker-config flag. The parameter of this flag should be in the following format: ::

:deciduous_tree: Environment

  • [req] Upgrade lxml to 4.9.1 #3799
  • Fix three bugs and a couple of style issues #3804
  • Updates to setup.py/PyPI configuration #3819
  • [test] Upgrade to Python 3.8 in GitHub Actions #3859

:book: Documentation updates

  • README.md: add python3-setuptools dependency #3729
  • [docs] Reword what labels, guidelines, checkers mean, and their enabling #3845

:hammer: Other

  • [version] Bump version to 6.22.0 #3787
  • [repo] Add vim sessions file to gitignore #3792
  • [docs] Fix facebook-infer links #3834
  • [tests] Change subprocess.call to subprocess.Popen #3837
  • Change dev/test servers port from default #3833

- Python
Published by bruntib about 3 years ago

codechecker - v6.22.0-rc1

:star2: Highlights

Further enhancements to speed up the store procedure

After another round of optimizations, CodeChecker store is ~2 times faster than in v6.21.0. Combined with the previous release, storing may be as much as 4 times faster than v6.20.0, with larger result directories seeing a greater degree of improvement.

This should allow those that use CodeChecker in CI loops to see fewer timeouts due to long storages, or lower timeout thresholds significantly.

Multiroot analysis

CodeChecker now supports an analysis mode where for each source file, it tries to find the closest compile_commands.json file up in the directory hierarchy starting from the source file.

If your project is structured such that multiple folders act as their own root folder (hence the name multiroot), CodeChecker should be able to support that out of the box. clangd and clang-tidy already work this way: https://clangd.llvm.org/installation.html#compile_commandsjson

This feature also affects the CodeChecker Visual Studio Code plugin, where analysis will be done on multiroot projects as well (Ericsson/CodecheckerVSCodePlugin#113).

Previously the input of analysis must have been a compilation database JSON file. This PR supports the following new CodeChecker analyze invocations, as long as a corresponding compilation database file is found:

```
# Analyze a single file.
CodeChecker analyze analyze.cpp -o reports

# Analyze all source files under a directory.
CodeChecker analyze my_project -o reports
```

Support report annotations and add dynamic analyzer related annotations

CodeChecker is now able to parse additional fields from plist files especially relevant to dynamic analyses.

```
<key>diagnostics</key>
<array>
  <dict>
    <key>category</key>
    <string>Memory error</string>
    ...
    <dict>
      <key>timestamp</key>
      <string>2000-01-01 10:00</string>
      <key>testsuite</key>
      <string>TS-1</string>
      ...
    </dict>
  </dict>
</array>
```


Unlike for static analyzers, the time of the detection can be a crucial piece of information, as a report may be a result of another preceding report. Users that record the timestamp of the detection and store it in CodeChecker under the new 'Timestamp' field will be able to sort reports by it. CodeChecker now also supports the 'Testsuite' field.

You can read more about this feature in its PR: #3849.

:exclamation: Backward incompatible changes

  • [cmd] Remove some deprecated flags. #3823
    • CodeChecker checkers --only-enabled: DEPRECATED. Show only the enabled checkers. Use CodeChecker checkers --details to list the checker status (enabled/disabled).
    • CodeChecker checkers --only-disabled: Use CodeChecker checkers --details to list the checker status.
    • CodeChecker cmd diff -s, --suppressed: DEPRECATED. Lists the suppressed reports. Use the --review-status [REVIEW_STATUS [REVIEW_STATUS ...]] flag to filter the results.
    • CodeChecker cmd diff --filter FILTER: DEPRECATED. Filter diff results. Use the --review-status [REVIEW_STATUS [REVIEW_STATUS ...]] flag to filter the results.
    • CodeChecker cmd sum --disable-unique: DEPRECATED. Use the '--uniqueing' option to get uniqueing results.
  • [cmd] Remove the CodeChecker analyzer --tidy-config flag #3822
    • CodeChecker analyze [--tidy-config TIDY_CONFIG]: DEPRECATED and removed. Use CodeChecker analyzers --analyzer-config clang-tidy to list the analyzer options. Use e.g. CodeChecker analyze --analyzer-config clang-tidy:WarningsAsErrors=true to set a parameter. Alternatively, you can use .clang-tidy config files too.

:bug: Analyzer improvements

  • ignore -fno-keep-inline-dllexport gcc option #3813
  • Fix error using Clang option '-stdlib=libc++' #3808
  • [fix] Fix a condition about checkers being compiler warnings #3838
  • [analyzer] Promote the missing checker warning to an error #3820
  • [fix] Pass arch flag correctly #3854

:repeat: Profile changes

  • bugprone-standalone-empty: default, extreme, sensitive
  • bugprone-unsafe-functions: extreme, security, sensitive
  • cert-msc24-c: alias of bugprone-unsafe-functions
  • cert-msc33-c: alias of bugprone-unsafe-functions
  • cppcoreguidelines-avoid-capture-default-when-capturing-this: extreme, sensitive
  • cppcoreguidelines-avoid-capturing-lambda-coroutines: default, extreme, sensitive
  • cppcoreguidelines-avoid-reference-coroutine-parameters: default, extreme, sensitive
  • cppcoreguidelines-rvalue-reference-param-not-moved: extreme, sensitive
  • llvmlibc-inline-function-decl: style
  • misc-use-anonymous-namespace: default, extreme, sensitive
  • Document the new checker misc-use-anonymous-namespace #3803
  • [cfg] Assign new check profiles for 6.22RC1 #3861

:computer: CLI/Server improvements

  • Further enhancements to speed up the store procedure #3796
  • Multiroot analysis #3815 CodeChecker now supports an analysis mode where for each source file, it tries to find the closest compile_commands.json file up in the directory hierarchy starting from the source file. clangd and clang-tidy work this way: https://clangd.llvm.org/installation.html This feature also allows the analysis of multi-root projects in the vscode plugin (Ericsson/CodecheckerVSCodePlugin#113). Previously the input of analysis was a compilation database JSON file. This PR supports the following analysis invocations:

    ```
    # Analyze one source file.
    CodeChecker analyze main.c -o reports

    # Analyze all source files under a directory.
    CodeChecker analyze my_project -o reports
    ```

  • Support report annotations and add dynamic analyzer related annotations #3849
  • Required format for --checker-config #3817 "CodeChecker analyze" command has a --checker-config flag. The parameter of this flag should be in the following format: ::

:deciduous_tree: Environment

  • [req] Upgrade lxml to 4.9.1 #3799
  • Fix three bugs and a couple of style issues #3804
  • Updates to setup.py/PyPI configuration #3819
  • [test] Upgrade to Python 3.8 in GitHub Actions #3859

:book: Documentation updates

  • README.md: add python3-setuptools dependency #3729
  • [docs] Reword what labels, guidelines, checkers mean, and their enabling #3845

:hammer: Other

  • [version] Bump version to 6.22.0 #3787
  • [repo] Add vim sessions file to gitignore #3792
  • [docs] Fix facebook-infer links #3834
  • [tests] Change subprocess.call to subprocess.Popen #3837
  • Change dev/test servers port from default #3833

- Python
Published by bruntib about 3 years ago

codechecker - v6.21.0

:bug: Analyzer improvements

  • [report-converter] Support Roslynator (#3765) The Roslynator project contains several analyzers for C# built on top of Microsoft Roslyn. CodeChecker now supports the visualization of these C# analysis results. It also provides a .NET tool for running Roslyn code analysis from the command line. It is not limited to Microsoft and Roslynator analyzers, it supports any Roslyn analyzer. It can also report MSBuild compiler diagnostics.

:computer: CLI/Server improvements

  • Make CodeChecker store about twice as fast (#3777) This small change from a regex to a string search is expected to shave off the time it takes to run a CodeChecker store command by as much as 50%!
  • [fix] Speed up resolved diffing (#3771) This fixes the everlasting diff runtime, when the report count is large (~60000) and the ReviewStatusRule count is also substantial.

:repeat: Profile changes

  • [analyzer][clang][clang-tidy] Assign new check profiles (#3769)
    • bugprone-assignment-in-if-condition: extreme (no longer in the sensitive and default profiles)
    • bugprone-signal-handler: default (new), security (new), sensitive, extreme
    • bugprone-suspicious-realloc-usage (new): default, sensitive, extreme
    • bugprone-stringview-nullptr (new): default, sensitive, extreme
    • bugprone-unchecked-optional-access (new): extreme
    • cert-sig30-c: removed from all profiles (as it is an alias to bugprone-signal-handler)
    • cppcoreguidelines-avoid-const-or-ref-data-members: sensitive (new), extreme
    • cppcoreguidelines-avoid-do-while (new): extreme
    • misc-const-correctness: removed from all profiles (it was too extreme even for extreme)
    • misc-misleading-bidirectional: default, security (new), sensitive, extreme
    • misc-misleading-identifier (new): default, security, sensitive, extreme
    • alpha.unix.Errno: sensitive (new), extreme
    • core.uninitialized.NewArraySize (new): default, sensitive, extreme
    • alpha.unix.cstring.UninitializedRead (new): extreme

:book: Documentation updates

  • [analyzer][doc] Mention that Z3 as the constraint solver is highly unstable (#3772) While LLVM supports the usage of Z3, that doesn't mean the same for the Clang Static Analyzer. It is a highly experimental feature that may or may not be generally available in a stable way, which is now better explained in the docs and in --help messages.
  • [doc] Refurbish several parts of the README (#3763)
    • Self-advertise the CodeChecker GitHub CI action!
    • Added the PLDI'2020 talk about CodeChecker to the papers section
    • Moved information about Python 2 lower as it is no longer really an important thing in today's world
    • Figure out the new LLVM monorepo commit for the referenced SVN commit that introduced Bug hashes to Clang SA

:hammer: Other improvements/fixes

  • Quick fix for cppcheck environment (#3744) The cppcheck needs the original environment when invoked. This quick fix restores it at analyzer invocation.
  • [bugfix] Old client has different behavior with new server (#3746, #3747) So far, we have supported the communication between a CodeChecker server and almost all older CodeChecker client versions. For CodeChecker servers on version 6.20.0, clients issuing CodeChecker cmd diff to the server got incorrect results, which this PR fixes.
  • [bugfix] Don't update review status date (#3749) When a review status is set in the GUI then a new entry is inserted to review_statuses table. Every time the same report is stored, its review status date used to be updated, which was a bug, since the storage date is NOT the same as the review status date.
  • Document 'cppcoreguidelines-avoid-const-or-ref-data-members' (#3734)
  • Document 'bugprone-suspicious-realloc-usage' (#3755)
  • Escape &, <, > from the source C-files to HTML-output (#3748) This fixed a bug where CodeChecker parse --export html produced an invalid HTML file.
  • [feat] Comment lines in skipfile (#3768) The hashmark (#) character can be used for commenting lines out in skipfiles, and can now be used for CodeChecker's skip files!
  • Issue a warning about this release being only an RC (#3780) CodeChecker version now warns users about the current release being only a release candidate. Please create a bug report if you find anything wrong, so we can fix it for the proper release!
  • [fix] Ignore files that .gitignore ignores (#3785)
  • Set "anywhere on path" in URL (#3783) In the previous release, on the gui, when the "anywhere on path" filter was set, it wasn't saved in the URL. It is now!
  • [bugfix] Don't crash with intercept-build based compilation database (#3685) CodeChecker was only really compatible with compilation databases where "command" was used instead of "arguments" as the actual command to execute. This is now fixed.
  • [db] Garbage collection of analysis_info timeout (#3775) The garbage collection of analysis_info table has been restructured because the original query exceeded a 2min timeout.

- Python
Published by Szelethus over 3 years ago

codechecker - v6.21.0-rc1

:bug: Analyzer improvements

  • [report-converter] Support Roslynator (#3765) The Roslynator project contains several analyzers for C# built on top of Microsoft Roslyn. CodeChecker now supports the visualization of these C# analysis results. It also provides a .NET tool for running Roslyn code analysis from the command line. It is not limited to Microsoft and Roslynator analyzers, it supports any Roslyn analyzer. It can also report MSBuild compiler diagnostics.

:computer: CLI/Server improvements

  • Make CodeChecker store about twice as fast (#3777) This small change from a regex to a string search is expected to shave off the time it takes to run a CodeChecker store command by as much as 50%!
  • [fix] Speed up resolved diffing (#3771) This fixes the everlasting diff runtime, when the report count is large (~60000) and the ReviewStatusRule count is also substantial.

:repeat: Profile changes

  • [analyzer][clang][clang-tidy] Assign new check profiles (#3769)
    • bugprone-assignment-in-if-condition: extreme (no longer in the sensitive and default profiles)
    • bugprone-signal-handler: default (new), security (new), sensitive, extreme
    • bugprone-suspicious-realloc-usage (new): default, sensitive, extreme
    • bugprone-stringview-nullptr (new): default, sensitive, extreme
    • bugprone-unchecked-optional-access (new): extreme
    • cert-sig30-c: removed from all profiles (as it is an alias to bugprone-signal-handler)
    • cppcoreguidelines-avoid-const-or-ref-data-members: sensitive (new), extreme
    • cppcoreguidelines-avoid-do-while (new): extreme
    • misc-const-correctness: removed from all profiles (it was too extreme even for extreme)
    • misc-misleading-bidirectional: default, security (new), sensitive, extreme
    • misc-misleading-identifier (new): default, security, sensitive, extreme
    • alpha.unix.Errno: sensitive (new), extreme
    • core.uninitialized.NewArraySize (new): default, sensitive, extreme
    • alpha.unix.cstring.UninitializedRead (new): extreme

:book: Documentation updates

  • [analyzer][doc] Mention that Z3 as the constraint solver is highly unstable (#3772) While LLVM supports the usage of Z3, that doesn't mean the same for the Clang Static Analyzer. It is a highly experimental feature that may or may not be generally available in a stable way, which is now better explained in the docs and in --help messages.
  • [doc] Refurbish several parts of the README (#3763)
    • Self-advertise the CodeChecker GitHub CI action!
    • Added the PLDI'2020 talk about CodeChecker to the papers section
    • Moved information about Python 2 lower as it is no longer really an important thing in today's world
    • Figure out the new LLVM monorepo commit for the referenced SVN commit that introduced Bug hashes to Clang SA

:hammer: Other improvements/fixes

  • Quick fix for cppcheck environment (#3744) The cppcheck needs the original environment when invoked. This quick fix restores it at analyzer invocation.
  • [bugfix] Old client has different behavior with new server (#3746, #3747) So far, we have supported the communication between a CodeChecker server and almost all older CodeChecker client versions. For CodeChecker servers on version 6.20.0, clients issuing CodeChecker cmd diff to the server got incorrect results, which this PR fixes.
  • [bugfix] Don't update review status date (#3749) When a review status is set in the GUI then a new entry is inserted to review_statuses table. Every time the same report is stored, its review status date used to be updated, which was a bug, since the storage date is NOT the same as the review status date.
  • Document 'cppcoreguidelines-avoid-const-or-ref-data-members' (#3734)
  • Document 'bugprone-suspicious-realloc-usage' (#3755)
  • Escape &, <, > from the source C-files to HTML-output (#3748) This fixed a bug where CodeChecker parse --export html produced an invalid HTML file.
  • [feat] Comment lines in skipfile (#3768) The hashmark (#) character can be used for commenting lines out in skipfiles, and can now be used for CodeChecker's skip files!
  • Issue a warning about this release being only an RC (#3780) CodeChecker version now warns users about the current release being only a release candidate. Please create a bug report if you find anything wrong, so we can fix it for the proper release!

- Python
Published by Szelethus over 3 years ago

codechecker - v6.20.0

:bug: Analyzer improvements

  • Cppcheck support (#3680) Cppcheck is a static analyzer tool which is now driven by CodeChecker. Similar to Clang analysis, Cppcheck can also be configured and executed by CodeChecker. For configuration and execution, see the Configure Clang Static Analyzer and checkers guide. Please note that you need to add cppcheck to your PATH (env var) before using it with CodeChecker. WARNING: The analysis results depend on which cppcheck version you configured.
  • Merge, and don't override when multiple --analyzer-configs are specified (#3655) When multiple --analyzer-config options are given to CodeChecker then only the last one was taken into account. From this version both are handled: --analyzer-config <option1> --analyzer-config <option2>. The old format is also still available: --analyzer-config <option1> <option2>. This is especially useful when you specify the base analysis parameters in the codechecker_config file and you want to override certain parameters in the command line.

:computer: CLI/Server improvements

  • Refactored Review Status Handling

    • Changed handling of in-code suppressions (e.g. //codechecker_suppress [ all ] This is a false warning) (#3580) Review status is now connected to the individual reports instead of all reports with the same report hash. This makes it possible to mark a bug as a false positive on one branch (and store it in a run) and mark it as intentional on another branch. Warning: The different handling of such rare cases can cause a change in the checker statistics.
    • Changed handling of suppressions in the GUI (#3646) If you handle suppressions in the GUI instead of the source code, the suppressions remain effective for all reports identified by the same bug hash. These are called "suppression rules". You can list and manage such rules in the "Review Status Rules" window.
    • Changed visualization of false positive and intentional reports in the Outstanding Reports Statistics. Outstanding report statistics excluded false positive reports from the graphs even for time periods when these reports were active. After this change, the reports will be counted in the outstanding reports graphs until the time they were classified as false positive. So you will be able to see a decreasing trend in the outstanding reports graph after you classify reports as false positive.

  • Find reports by file anywhere on bugpath (#3717) In the GUI the set of reports can be filtered by filename or source component. However, these filters concern only the last bug point, i.e. one can list the set of reports ending in a specific file.

A new filter option has been introduced which returns all reports where the file is involved at any part of the bug path.

  • Fix storage of headers with same name in different paths (#3706) When a header file occurred in multiple directories with the same name (for example multiple standard libraries at different locations are involved in the project) then only one of them was stored to the server. This has been fixed, so all instances are stored now.
  • --trim-path-prefix flag may now contain joker characters (#3674) --trim-path-prefix flag helps to remove a given prefix of each file path during report storage. This prefix may now contain joker characters too. The longest matching prefix will be eliminated from each file path.
  • Don't ignore compiler warnings, even if clangtidy:take-config-from-directory=true is specified (#3698) clangtidy:take-config-from-directory is an analyzer config that makes ClangTidy get its arguments from a .clang-tidy file, and only from that file. What this implies, is that all other options on the command line for ClangTidy will be ignored. The problem was that this also ignores compiler warnings, so it has been fixed.
  • Garbage collection enhancement in "files" table (#3710) When a run storage and a run removal occur concurrently and both refer to the same file, a foreign key constraint error may occur on the server side and the storage fails. This has been fixed.
  • Import the suppressions per report (#3693) CodeChecker cmd suppress run_name -i <import_file> will only import suppressions for the run indicated by run_name, and not all reports in all runs.
  • Fix remote diff behavior (#369) When two runs are compared then reports should be considered as closed even if their review status is false positive or intentional.
  • Speed up run deletion (#3700) Sometimes run deletion is a slow operation due to cascades and such. So runs are deleted in separate transactions in order to avoid potential statement timeouts in a DBMS.
  • Get failed files with CodeChecker cmd runs --details (#3669) This command now lists the files that failed to analyze.
  • Fix storage of context-insensitive ClangSA reports (#3662) In some cases ClangSA produced plists where an included file had a context-insensitive bug report at the exact same "file:row:col:checker", but different bug hash. Only one instance of these reports was stored before this release.
  • Fix exceptions during blame information storage (#3647) When the HEAD file exists in the .git directory but the user who is running the CodeChecker store command doesn't have permission to this file, then the storage failed.
  • Fix uniqueing compilation commands (#3635)

:repeat: Profile changes

  • The following checkers are added to the following profiles (#3714)
    • alpha.unix.Errno: extreme
    • bugprone-assignment-in-if-condition: default, sensitive, extreme
    • misc-const-correctness: extreme
    • misc-confusable-identifiers: default, sensitive, extreme
    • modernize-macro-to-enum: extreme
  • All cppcheck checkers from the error and warning category have been added to the default profile

:book: Documentation updates

  • Refactoring the analyzer user guide (#3694)
  • Checker documentation URLs have changed in ClangTidy (#3715)
  • Fix some links in README.md (#3512)
  • Enhancement of the user guides related to the run comparison feature (#3696)
  • Fix some CLI usage examples in the docs (#3666)
  • Add documentation to the python thrift client example (#3652)

:hammer: Other improvements/fixes

  • Fix ctu extdef mapping file with space problem (#3653) CodeChecker uses clang-extdef-mapping utility during CTU analysis. This collects for each function definition in which file they have been defined. The format of this mapping file changed, and this change needs to be adapted in CodeChecker.
  • Adding dev_package make target (#3682) This make target results in symlinks in the build directory to the source files. This way it is not necessary to rebuild CodeCompass for each source code change during development. Known issue: CC_LIB_DIR needs to be set to .../build/CodeChecker/lib/python3 directory.
  • Fix install of PPA clang-tidy in config coverage job (#3678) Fixing a broken installment in GitHub Actions.
  • Add a job that checks coverage of checker labelling (#3367)
  • Minor improve some debug logs (#3659) There was a debug log which could not be used for debugging, because the arguments containing whitespaces were not quoted properly.
  • Fix the incorrect run count on the product page (#3733) Due to a bug in our caching strategy, the number of runs in a product displayed on the product page was sometimes higher than the actual count (which was correctly displayed in the bottom left of the run page). This occurred when multiple runs were deleted at once.

- Python
Published by Szelethus over 3 years ago

codechecker - v6.20.0-rc1

:bug: Analyzer improvements

  • Cppcheck support (#3680) Cppcheck is a static analyzer tool which is now driven by CodeChecker. Similar to Clang analysis, Cppcheck can also be configured and executed by CodeChecker. For configuration and execution see the Configure Clang Static Analyzer and checkers guide. Please note that you need to add cppcheck to your PATH (env var) before using it with CodeChecker. WARNING: The analysis results depend on which cppcheck version you configured.
  • Merge, and don't override when multiple --analyzer-configs are specified (#3655) When multiple --analyzer-config options are given to CodeChecker then only the last one was taken into account. From this version both are handled: --analyzer-config <option1> --analyzer-config <option2>. The old format is also still available: --analyzer-config <option1> <option2>.

:computer: CLI/Server improvements

  • Refactored Review Status Handling

    • Changed handling of in-code suppressions (e.g. //codechecker_suppress [ all ] This is a false warning) (#3580) Review status is now connected to the individual reports instead of all reports with the same report hash. This makes it possible to mark a bug as a false positive on one branch (and store it in a run) and mark it as intentional on another branch. Warning: The different handling of such rare cases can cause a change in the checker statistics.
    • Changed handling of suppressions in the GUI (#3646) If you handle suppressions in the GUI instead of the source code, the suppressions remain effective for all reports identified by the same bug hash. These are called "suppression rules". You can list and manage such rules in the "Review Status Rules" window.
    • Changed visualization of false positive and intentional reports in the Outstanding Reports Statistics. Outstanding report statistics excluded false positive reports from the graphs even for time periods when these reports were active. After this change, the reports will be counted in the outstanding reports graphs until the time they were classified as false positive. So you will be able to see a decreasing trend in the outstanding reports graph after you classify reports as false positive.

  • Find reports by file anywhere on bugpath (#3717) In the GUI the set of reports can be filtered by filename or source component. However, these filters concern only the last bug point, i.e. one can list the set of reports ending in a specific file.

A new filter option has been introduced which returns all reports where the file is involved at any part of the bug path.

  • Fix storage of headers with same name in different paths (#3706) When a header file occurred in multiple directories with the same name (for example multiple standard libraries at different locations are involved in the project) then only one of them was stored to the server. This has been fixed, so all instances are stored now.
  • --trim-path-prefix flag may now contain joker characters (#3674) --trim-path-prefix flag helps to remove a given prefix of each file path during report storage. This prefix may now contain joker characters too. The longest matching prefix will be eliminated from each file path.
  • Don't ignore compiler warnings, even if clangtidy:take-config-from-directory=true is specified (#3698) clangtidy:take-config-from-directory is an analyzer config that makes ClangTidy get its arguments from a .clang-tidy file, and only from that file. What this implies, is that all other options on the command line for ClangTidy will be ignored. The problem was that this also ignores compiler warnings, so it has been fixed.
  • Garbage collection enhancement in "files" table (#3710) When a run storage and a run removal occur concurrently and both refer to the same file, a foreign key constraint error may occur on the server side and the storage fails. This has been fixed.
  • Import the suppressions per report (#3693) CodeChecker cmd suppress run_name -i <import_file> will only import suppressions for the run indicated by run_name, and not all reports in all runs.
  • Fix remote diff behavior (#369) When two runs are compared then reports should be considered as closed even if their review status is false positive or intentional.
  • Speed up run deletion (#3700) Sometimes run deletion is a slow operation due to cascades and such. So runs are deleted in separate transactions in order to avoid potential statement timeouts in a DBMS.
  • Get failed files with CodeChecker cmd runs --details (#3669) This command now lists the files that failed to analyze.
  • Fix storage of context-insensitive ClangSA reports (#3662) In some cases ClangSA produced plists where an included file had a context-insensitive bug report at the exact same "file:row:col:checker", but different bug hash. Only one instance of these reports was stored before this release.
  • Fix exceptions during blame information storage (#3647) When the HEAD file exists in the .git directory but the user who is running the CodeChecker store command doesn't have permission to this file, then the storage failed.
  • Fix uniqueing compilation commands (#3635)

:repeat: Profile changes

  • The following checkers are added to the following profiles (#3714)
    • alpha.unix.Errno: extreme
    • bugprone-assignment-in-if-condition: default, sensitive, extreme
    • misc-const-correctness: extreme
    • misc-confusable-identifiers: default, sensitive, extreme
    • modernize-macro-to-enum: extreme
  • All cppcheck checkers from the error and warning category have been added to the default profile

:book: Documentation updates

  • Refactoring the analyzer user guide (#3694)
  • Checker documentation URLs have changed in ClangTidy (#3715)
  • Fix some links in README.md (#3512)
  • Enhancement of the user guides related to the run comparison feature (#3696)
  • Fix some CLI usage examples in the docs (#3666)
  • Add documentation to the python thrift client example (#3652)

:hammer: Other improvements/fixes

  • Fix ctu extdef mapping file with space problem (#3653) CodeChecker uses clang-extdef-mapping utility during CTU analysis. This collects for each function definition in which file they have been defined. The format of this mapping file changed, and this change needs to be adapted in CodeChecker.
  • Adding dev_package make target (#3682) This make target results in symlinks in the build directory to the source files. This way it is not necessary to rebuild CodeCompass for each source code change during development. Known issue: CC_LIB_DIR needs to be set to .../build/CodeChecker/lib/python3 directory.
  • Fix install of PPA clang-tidy in config coverage job (#3678) Fixing a broken installment in GitHub Actions.
  • Add a job that checks coverage of checker labelling (#3367)
  • Minor improve some debug logs (#3659) There was a debug log which could not be used for debugging, because the arguments containing whitespaces were not quoted properly.

- Python
Published by bruntib almost 4 years ago

codechecker - v6.19.1

:bug: Analyze fixes

  • Disappearing --stats flag (#3630, #3633) CodeChecker analyze command has --stats flag if there is at least one checker containing statisticsbased in its name. We are using the checker listing function to determine the list of checkers but by default it excludes modeling checkers. This default behavior should be overridden when checking if underlying Clang supports statistics based checkers.
  • Add -sdkroot option to COMPILE_FLAGS structure (#3631) A special downstream compiler duplicated the --sysroot option, and CodeChecker is not aware of the option chosen by this downstream compiler. Adding these entries enables CodeChecker to not drop or strip the arguments to this option when interpreted and driven from a compile_commands.json file.

:hammer: Other fixes

  • Add pyyaml dependency to the web part to fix docker container (#3626)
  • Fix snap package build (#3624)

For more information check the milestone.

- Python
Published by csordasmarton about 4 years ago

codechecker - v6.19.0

:exclamation::exclamation::exclamation: Backward incompatible changes :exclamation::exclamation::exclamation:

  • Fix JSON format of CodeChecker version subcommand (#3558) The output of the CodeChecker version -o json command wasn't a valid JSON format. From this release CodeChecker will provide a valid JSON output for this command. For more information see the documentation.
  • Not allowing disabling modeling checkers in ClangSA (#3323) When a Clang Static Analyzer checker is disabled in CodeChecker, clang is invoked with the analyzer-disable-checker flag. This allows the user disabling core modeling checkers such as unix.DynamicMemoryModeling. This causes malfunctioning of depending checkers. From this release modeling and debug checkers (listed with clang -cc1 -analyzer-checker-help-developer) will not be listed and cannot be disabled through CodeChecker with the --enable and --disable flags. They can be enabled/disabled through the Clang Static Analyzer specific --saargs flag only.
  • Change minimum supported node version (#3581, #3586) The minimum supported node version to build CodeChecker after this release is >=14.17.0.

:star: New features

  • Add print-steps option to CodeChecker cmd diff command (#3555) Without bug steps it is hard for a programmer to understand the problem. With this commit we introduce a new option for the CodeChecker cmd diff command which can be used to print bug steps, similar to what we are doing at the CodeChecker parse command. This patch also solves the problem of printing bug steps in HTML files for reports which come from a CodeChecker server.
  • Support yaml CodeChecker configuration files (#3602) Multiple subcommands have a --config option which allows the configuration from an explicit configuration file. The parameters in the config file will be emplaced as command line arguments. Previously we supported only JSON format, but the limitation of this format is that we can't add comments in this file, for example why we enabled/disabled a checker, why an option is important etc. From this release we will also support YAML format:

```yaml
analyzer:
  # Enable/disable checkers.
  - --enable=core.DivideZero
```

For more information see the documentation.

:computer: CLI / Server improvements / fixes

  • Allow --file and skipfile option to be given together and analyze header file (#3616) The CodeChecker VSCodePlugin uses the --file parameter to analyze single files. Large projects load in their configuration using the --config parameter and if there is a -i skipfile given in the config, CodeChecker analyze call drops an error. From this release CodeChecker will allow -i skipfile and --file to be given together. Also, if a header file is given to the --file option, CodeChecker under the hood will try to figure out which source files depend on the given header file and we will analyze these source files.
  • Allow escaping : in run names with \: (#3536) In certain scenarios, the run name might contain a : character that does NOT separate a tag from a name. Commands such as server and cmd results accept : as a literal in the name, but cmd diff previously cut it as the "run tag" separator.
  • Update allowed TLS versions (#3594) TLS1 and TLS1.1 were deprecated in RFC8996. From this release CodeChecker will enforce the newer TLS1.2 or TLS1.3.
  • Fix HTML generation for CodeChecker cmd diff command (#3600) If the diff command result contained reports from multiple source files (e.g.: a.cpp + b.cpp) the CodeChecker cmd diff command in HTML format generated HTML files for each source file but inserted the same list of reports in all of the HTML files. From this release CodeChecker will insert only those reports to a generated HTML file which are really related to that file.
  • Relative doc url to absolute file path (#3609) Convert relative doc_url values to absolute file paths in the CodeChecker checkers output. This way other tools can open and view these documentation files easily.
  • Fix html generation for report directory without plists (#3610) Fix HTML generation for report directory which doesn't contain any analyzer result (plist) file.

:repeat: Profile changes

  • The following checkers are added to the following profiles (#3621)
    • bugprone-shared-ptr-array-mismatch: default, extreme, sensitive
    • misc-misleading-bidirectional: default, extreme, sensitive
    • readability-container-contains: default, extreme, sensitive
  • The following checkers are removed from the following profiles (#3618)
    • cppcoreguidelines-narrowing-conversions: extreme

:bug: Analyze improvements / fixes

  • Proper handling of multi-target build (#3598)
  • Prefer ldlogger over intercept-build (#3605)
  • Quote command line segment using shlex (#3578)
  • Fix ldlogger escaping a bunch of characters (#3589)
  • Handle relative file paths in compilation database (#3587)
  • Avoid plist filenames being the same (#3588)
  • Proper exit code for CodeChecker check in case of exception (#3603).
  • Print info message about logger tool (#3573)
  • Add severity for readability-duplicate-include (#3592)

:book: Documentation updates

  • Update documentation with multiple source code comments in the same line (#3597)
  • Highlight that user must be logged in before token generation (#3599)
  • List possible severity levels for JSON report format (#3604)
  • Extend documentation with implicitly disabled checkers under --enable-all (#3611)
  • Added link to basic database setup (#3541)
  • Fix grammatical and spelling errors in documentations (#3557)
  • Mention CodeChecker vscode extension in the docs (#3585)

:hammer: Other improvements / fixes.

  • Thrift Python client example (#3575)
  • No rebuild on satisfied requirements (#3547)
  • Port LD-logger tests to python (#3153)
  • Fix compile warnings, missing return statements, etc. (#3590)
  • Fix the prepare debug scripts (#3614)
  • Upgrade python-ldap to 3.4.0 (#3550)
  • Upgrade lxml to 4.7.1 (#3553)
  • Upgrade npm packages (#3581, #3586)
  • Upgrade python version to 3.9.7 in docker image (#3591)

For more information check the milestone.


:tada: CodeChecker VSCode plugin

We are proud to announce the official release of CodeChecker VSCode plugin.

:star2: Main features

  • Run CodeChecker analysis from the editor and see the results automatically.
  • Re-analyze the current file when saved.
  • Commands and build tasks for running CodeChecker as part of a build system.
  • Browse through the found reports and show the reproduction steps directly in the code.
  • Navigate between the reproduction steps.

:computer: Trying It Out

  1. Install CodeChecker version 6.18.2 or later and optionally add it to the PATH environment variable.
  2. Install CodeChecker extension from the Visual Studio Marketplace, from Open VSX or download manually from Downloads.
  3. Check the path to CodeChecker and set your preferred command-line arguments - see Configuring CodeChecker for more information.
  4. Open your project, and run an analysis, or browse through the found reports!

- Python
Published by csordasmarton about 4 years ago

codechecker - v6.18.2

:bug: Analyze fixes

  • Fix skipping reports (#3559). When a skip list was set, not only those reports were skipped that were included in the skipped files, but also those that had a bug path traversing a skipped file. This resulted in disappeared findings.
  • Fix static HTML report files (#3570). It was not always possible to navigate in the static HTML files, when the bug path traversed multiple files.
  • Remove bugprone-easily-swappable-parameters from sensitive profile (#3579). The checker warns for a bugprone coding style at function definitions. It is mostly useful for new code, where new functions are being defined. On the other hand, the checker required too many changes in legacy projects with non-matching coding style.

:computer: CLI / Server fixes

  • Fix suppressing bug on the server (#3563). When the report was in multiple lines, the source code comments in the code were not taken into consideration.
  • Fix source line / file for remote reports (#3568). An exception was thrown at CodeChecker cmd diff when path trimming was used in the stored results.
  • Fix storage of control points (#3576). Not all of the control points were stored to the server, because the plist format which the report converter produced and the plist parser expected was invalid. This way when an analyzer result file was stored to the server, bug path arrows were missing from the GUI.
  • Escape values for v-html attributes (#3549). We are using the v-html attribute on the UI side to dynamically render comments and analyzer commands. This can be very dangerous because it can easily lead to XSS vulnerabilities. To solve this problem the server will always return the escaped version of these values which can be safely rendered on the UI.
  • Fix link in gerrit output (#3572). If CC_REPORT_URL is defined and gerrit format is used at CodeChecker parse or CodeChecker cmd diff commands, the output will contain the value of this environment variable wrapped inside quotes. When this output is sent to gerrit, it will convert URL links to HTML a tags. Unfortunately gerrit will think that the ending quote is part of the URL, so it will not remove it. This way the URL will be invalid.
  • Change permission of stored analysis failure files (#3574). Change permission of the stored analysis failure zip files so only the current user/group will have access to this file.
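
The permission change in #3574 can be illustrated as follows. This is an added example, not CodeChecker's own code: the function names, the file names and the exact mode 0o660 (read/write for owner and group, nothing for others) are assumptions made for the illustration.

```python
import os
import stat
import tempfile

# Assumed target mode: owner and group may read/write, others get nothing.
FAILURE_ZIP_MODE = 0o660


def store_failure_zip(path, data):
    """Create `path` with owner/group-only access and write `data` to it.

    The file is created with the restrictive mode from the start, so there
    is no window in which it exists with wider permissions.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    # Refuse to write through a symlink planted at the target path.
    flags |= getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, FAILURE_ZIP_MODE)
    try:
        # The process umask can only clear bits from the requested mode;
        # fchmod pins the exact mode regardless of the umask.
        os.fchmod(fd, FAILURE_ZIP_MODE)
        with os.fdopen(fd, "wb") as handle:
            fd = None  # the file object now owns the descriptor
            handle.write(data)
    finally:
        if fd is not None:
            os.close(fd)


def world_accessible(directory):
    """Return the regular files under `directory` that grant any
    permission (read, write or execute) to 'others'."""
    exposed = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            mode = os.lstat(full).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IRWXO:
                exposed.append(os.path.relpath(full, directory))
    return sorted(exposed)


def demo():
    """Write one file the permissive way and one the restricted way,
    then audit the directory. All file contents are constructed samples."""
    with tempfile.TemporaryDirectory() as workdir:
        # Permissive: mode 0o644 is what a plain open() typically yields
        # under the common umask 0o022; set explicitly to be deterministic.
        weak = os.path.join(workdir, "weak_failure.zip")
        with open(weak, "wb") as handle:
            handle.write(b"constructed sample")
        os.chmod(weak, 0o644)

        hardened = os.path.join(workdir, "hardened_failure.zip")
        store_failure_zip(hardened, b"constructed sample")

        hardened_mode = stat.S_IMODE(os.stat(hardened).st_mode)
        return world_accessible(workdir), hardened_mode


if __name__ == "__main__":
    exposed, mode = demo()
    print("world-accessible files:", exposed)
    print("hardened file mode:", oct(mode))
```

Failure zips can contain source files and compiler command lines, so running a check like world_accessible over an existing failed-files directory shows whether archives written before the upgrade still need their mode tightened.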

For more information check the milestone.

- Python
Published by csordasmarton over 4 years ago

codechecker - v6.18.1

:bug: Analyze improvements / fixes

  • Add label for file markdownlint (#3505).
  • Include cppcoreguidelines-virtual-class-destructor in profiles (#3532).
  • Add bugprone-unhandled-exception-at-new to default profile (#3531).

:computer: CLI / Server improvements / fixes

  • Add --file filter option for CodeChecker parse command (#3454).
  • Add checker documentation URLs to static HTML files (#3539).
  • Fix html output of CodeChecker parse (#3524, #3538).
  • Handle missing database file ids for file paths (#3508).
  • Simplify query for Other source component (#3534).
  • Improve cli store log (#3533).
  • More info logs at server for storage API request (#3509).
  • Use print_exc at store command (#3511).
  • Fix number of outstanding reports chart (#3544).
  • Fix whitespace in run name links (#3529).
  • Print broken pipe errors properly (#3516).

:book: Documentation updates

  • Update the Usage Guide with failed zips (#3503).
  • Add taint analysis documentation (#3522).
  • Add new features section for 6.18.0 release (#3530).
  • Mention more details in the build instructions (#3517).
  • Documentation for parse JSON output (#3519).

:hammer: Other improvements / fixes.

  • Fix building snap package (#3496).
  • Add static files to the pypi package (#3502).
  • Fix running docker container with existing volume (#3540).
  • New build argument (CC_REPO) for docker image (#3543).
  • Fix non-deterministic test in plist to html (#3545).
  • Upgrade lxml to 4.6.4 (#3528).

For more information check the milestone.


:bulb: Hints

:dvd: 1. Installing CodeChecker

CodeChecker can be installed and used from multiple repositories:

  • PyPi
  • Snap
  • Docker

For more information see the installation guide.

:file_cabinet: 2. Storage of multiple analyzer results

CodeChecker can be used as a generic tool for visualizing analyzer results of multiple static and dynamic analyzers:

  • C/C++: Clang Static Analyzer, Clang Tidy, Clang Sanitizers, Cppcheck, Facebook Infer, cpplint etc.
  • Java: SpotBugs, Facebook Infer.
  • Python: Pylint, Pyflakes.
  • JavaScript: ESLint
  • TypeScript: TSLint
  • Go: Golint
  • Markdown: Markdownlint

For details see supported code analyzers documentation and the Report Converter Tool.

- Python
Published by csordasmarton over 4 years ago

codechecker - v6.18.0

:exclamation::exclamation::exclamation: Backward incompatible CLI change :exclamation::exclamation::exclamation:

The JSON output of the CodeChecker parse command was not stable enough and the structure was very similar to the plist structure. Our plan is to support reading/parsing/storing of multiple analyzer output types not only plist but for example sarif format as well (http://docs.oasis-open.org/sarif/sarif/v2.0/csprd01/sarif-v2.0-csprd01.html). For this reason we changed the format of the JSON output of the CodeChecker parse and CodeChecker cmd diff command. The new format is described in #3519.

New features

Get access controls (#3476)

Create a new global role (PERMISSION_VIEW) which will be used to allow the users to fetch access control information from a running CodeChecker server by using the CodeChecker cmd permissions subcommand.

Analyze improvements / fixes

  • Uplifting label file for clang 13 (#3485).
  • Add label files for sanitizers (#3471).
  • Add labels for compiler warnings (#3483).
  • Add labels for some supported report converters (#3484).
  • Fix check for response files (#3474).
  • Use -imacros flag instead of -macros (#3428).
  • Ignore -mfp16-format, -fmacro-prefix-map, -fno-defer-pop, -fstack-usage flags (#3433, #3445).
  • Add misra c guideline (#3489).
  • Removing cppcoreguidelines-virtual-class-destructor from the profiles (#3494).

CLI / Server improvements / fixes

  • Add confidentiality classification to the product config (#3405)
  • Jump to checker docs automatically (#3455).
  • Support newline in analysis info (#3490).
  • Fix run name link in report info (#3477).
  • Fix console error on reports page (#3478).
  • Fix weird file path filter (#3479).
  • Fix getting checker labels for 'unknown' analyzer (#3491).
  • Change required permission to view access for some API request (#3440).
  • Fix getting git commit url (#3453).
  • Update blame info (#3488).

Other improvements / fixes.

  • Refactoring code for sarif support (#3462).
  • Fix duplication warning when collecting blame info (#3446).
  • Upgrade mkdocs to 1.2.3 (#3472).
  • Use clang-13 in the CI, uplift tests accordingly (#3475).
  • Add github action to publish snap package (#3492).
  • Install common requirements on venv_dev target (#3493).
  • Mention venv_dev target in the main readme file (#3480).
  • Do not skip building the UI code when creating a pypi package (#3461).
  • Small typo fix (#3434)

For more information check the milestone.

- Python
Published by csordasmarton over 4 years ago

codechecker - v6.17.0

New features

Git blame integration (#3398, #3423, #3425, #3430)

With this feature it will be possible for a developer to check who modified the source line last where a CodeChecker error appears.

  • If the project which was analyzed is a git repository, the CodeChecker store command will store blame information for every source file which is not stored yet.
  • The GUI will have a button on the report detail view to show blame information alongside the source file.
  • When hovering the mouse over a blame line, commit details will be shown in a pop-up window. Clicking on the hash will jump to the remote url of the repository and show the commit which is related to the blame line.

Cleanup plans (#3419)

Cleanup plans can be used to track progress of reports in your product. The concept is similar to GitHub Milestones.

You can do the following:

  • Managing cleanup plans: you can create cleanup plans by clicking on the pencil icon at the Cleanup plan filter on the Reports page. A pop-up window will be opened where you can add, edit, close or remove existing cleanup plans.
  • Add reports to a cleanup plan: you can add multiple reports to a cleanup plan on the Reports page or on the Report detail page by clicking on the Set cleanup plan button and selecting a cleanup plan. Note: you can remove reports from a cleanup plan the same way by clicking on the cleanup plan name.
  • Filter reports by cleanup plans: you can filter reports by a cleanup plan by using the Cleanup plan filter on the Reports page. Using this filter with other filters (Detection status, Review status etc.) you will be able to filter active / resolved reports in your cleanup plan.

Local diff workflow support (#3388)

If you want to use CodeChecker in your project but you don't want to run a CodeChecker server and don't want to fix every report found by CodeChecker for the first time (legacy findings), with this feature you can do the following:

  1. Analyze your project to a report directory as usual (e.g.: ./reports).
  2. Create a baseline file from the reports which contains the legacy findings: CodeChecker parse ./reports -e baseline -o reports.baseline. Note: it is recommended to store this baseline file (reports.baseline) in your repository.
  3. On source code changes, after your project is re-analyzed, use the CodeChecker diff command to get the new reports: CodeChecker cmd diff -b ./reports.baseline -n ./reports --new
  4. On configuration changes (new checkers / options are enabled / disabled, new CodeChecker / clang version is used, etc.) re-generate the baseline file (step 1-2).

LeakSanitizer Parser (#3368, #3375)

The report-converter tool is extended with LeakSanitizer which is a run-time memory leak detector for C programs.

```sh
# Compile your program.
clang -fsanitize=address -g lsan.c

# Run your program and redirect the output to a file.
ASAN_OPTIONS=detect_leaks=1 ./a.out > lsan.output 2>&1

# Generate plist files from the output.
report-converter -t lsan -o ./lsan_results lsan.output

# Store reports.
CodeChecker store ./lsan_results -n lsan
```

For more information see.

Checker label (#3233, #3413, #3414, #3415, #3432)

Previously the properties of checkers (severity, profile, guideline) were read from several JSON files. The goal was to handle all these and future properties of checkers in a common manner. This new solution uses labels which can be added to checkers.

The collection of labels is found in the config/labels directory. The goal of these labels is that you can enable or disable checkers by these labels.

```sh
# List checkers in "sensitive" profile.
CodeChecker checkers --label profile:sensitive

# List checkers in "HIGH" severity.
CodeChecker checkers --label severity:HIGH

# List checkers covering str34-c SEI-CERT rule.
CodeChecker checkers --label sei-cert:str-34-c

# List checkers covering all SEI-CERT rules.
CodeChecker checkers --label guideline:sei-cert

# List available profiles, guidelines and severities.
CodeChecker checkers --profile
CodeChecker checkers --guideline
CodeChecker checkers --severity

# List labels and their available values.
CodeChecker checkers --label
CodeChecker checkers --label severity

# Enable HIGH checkers during analysis.
CodeChecker analyze \
  ./compile_commands.json \
  -o ./reports -e severity:HIGH
```

Note: with this new feature we also added severity levels for pylint (#3414) and cppcheck (#3415) analyzers.

Analyze improvements / fixes

  • Allow to override checker list (#3203).
  • Handle clang binary without installed dir (#3186).
  • Don't hardcode GCC in build-logger Makefile (#3352).
  • Improve debug log messages (#3361).
  • Remove the MallocOverflow checker from the sensitive profile (#3392).
  • Add the MallocOverflow checker to the extreme profile (#3400).
  • Create new diagnostic message hash (#3402).
  • Build log transformer: also ignore -fno-reorder-functions (#3411).
  • Don't run ClangSA checkers from clang-tidy (#3417).

CLI (parse, diff, etc.) improvements / fixes

  • Parse command exits with error in case of duplicated suppress comment (#3253).
  • Make parse subcommand to work with --skip option correctly (#3328).
  • Log options from the configuration file (#3341).
  • Do not print sensitive information when exception happens (#3355).
  • Add severity to CodeClimate export (#3356).
  • Improve log messages for gerrit output (#3374).
  • Fix gerrit output (#3378).
  • Fix check command config file support (#3385).

Server improvements / fixes

  • Use processes instead of threads (#3349).
  • Product View Permission (#3332).
  • Add index for report and run history id columns (#3351).
  • Unzip storage zip file to workspace directory (#3347).
  • Log run id when storing a run (#3358).
  • Comment date collision (#3360).
  • Fix exporting checker statistics to CSV (#3362).
  • Rephrase "report not found" error message (#3376)
  • Create columns for product details (#3382).
  • Fix setting analysis_info_id_seq (#3383).
  • Add 'thrift==0.13.0' dependency explicitly (#3389, #3394).
  • Show edit option only for admins (#3426).

Other improvements / fixes

  • Add local package to git automatically and refactor the doc (#3319).
  • Fix pypi package github action (#3344).
  • include package data files in python package (#3357).
  • Remove doxygen requirement (#3346).
  • Update checker_and_analyzer_configuration.md (#3350).
  • Web docker image hooks (#3359).
  • Add wait-for script to the docker image (#3364).
  • Change permission of helper script in docker image (#3365).
  • Usage of skip list handler is not optional anymore (#3366).
  • Fix broken alembic urls (#3390).
  • Documentation for Pypi package (#3391).
  • Add the severity for "readability-identifier-length" (#3403).
  • Override argparse error code (#3408).
  • Extend documentation with multi storage feature (#3420).
  • Test workspace is not necessarily under HOME (#3421).
  • Add the license file to the pypi package (#3422).
  • Add new features for 6.16.0 and 6.17.0 releases (#3427).

- Python
Published by csordasmarton over 4 years ago

codechecker - v6.16.0

New features

PyPI package support (#3251, #3301).

PyPI is the most commonly used central repository for Python packages. For this reason, from this release we will provide an official PyPI package for CodeChecker. This PyPI package can be easily installed on both Unix and Windows based systems by using the pip command: pip install codechecker.

Add compilation database generator for Bazel (#3226, #3284).

CodeChecker was extended with a tool that can capture compilation database of a Bazel built product without actually performing compilation. For more information see.

Exporter/importer command for CodeChecker cmd (#3116)

New command line options are introduced (CodeChecker cmd export and CodeChecker cmd import) which can be used to export comments and review status for a particular run in a JSON based format from a running CodeChecker server and import it to another server.

```sh
# Export data from one server.
CodeChecker cmd export -n myrun \
  --url https://first-server.codechecker.com:443 2>/dev/null | python -m json.tool > myrun_export.json

# Import data to another server.
CodeChecker cmd import -i myrun_export.json --url https://second-server.codechecker.com:443
```

Sparse and Cpplint analyzers support (#3160, #3248).

The report-converter tool was extended with two more analyzers:

  • Sparse, which is a semantic checker for C programs; it can be used to find a number of potential problems with kernel code.
  • CppLint, which is a lint-like tool which checks C++ code against Google C++ Style Guide.

For more information see.

Analyze improvements / fixes

  • Set parse subcommand exit code to 2 when any report exist (#3313).
  • Use maximum CPU resources by default during analysis (#3249).
  • Generate reproducer (#3324).
  • Enable the build logger fix for CR and LF by default (#3310).
  • Fix ccache compiler detection (#3204).
  • Adding severities for checkers (#3218, #3337).
  • Remove some code duplication from CodeChecker check command (#3217).
  • Add altera-unroll-loops to the list of checkers (#3266).
  • Adding cert checkers to sensitive profile (#3338).
  • Relative include paths to --sysroot (#3259).
  • Handle getting options for old analyzer version (#3297).
  • Fix logger compilation warnings (#3305).
  • Fix yaml dumper (#3331).

CLI (parse, diff, etc.) improvements / fixes

  • Fix storage of multiple report directory (#3263, #3281, #3339).
  • Fix creating session file (#3212).
  • Handle no mandatory env var when using gerrit output (#3196).
  • Handle invalid proxy settings (#3198).
  • Fix for SpotBugs Report Converter with Plugins (#3262).
  • Use codechecker_report_hash module (#3270, #3317).

Server improvements / fixes

  • Cleanup unused data (comments, review statuses) (#3243).
  • Add analyzer commands for reports (#3320, #3336).
  • Add documentation link to the bug report (#3330).
  • Fix failed files uniqueing on the statistics page (#3285).
  • Allow to change the outstanding reports chart resolution (#3179).
  • Change granularity for Number of outstanding reports chart (#3036).
  • Faster query for reports (#3316).
  • Fix quotes in system comments (#3094).
  • Add button to copy file path (#3176).
  • Close filter settings on apply (#3178).
  • Run filter is not working for the new reports at the Product overview statistics (#3035).
  • Use textarea at source component description (#3190).
  • Show review status selector even if status change is disabled (#3195).
  • Highlight row in code editor on hover event (#3224).
  • Highlight report on the scrollbar (#3225).
  • Get CodeChecker API version automatically in webpack (#3265).
  • Move generated API stubs to the repo (#3268, #3288).
  • Workaround for SQLite limitation in severity change (#3282).
  • Permission checking compares auth. names in case insensitive… (#3279)

Other improvements / fixes

  • Scrollable sidebar at plist2html (#3327).
  • Version upgrades (#3211, #3034, #3252, #3333).
  • Add coverage for unit tests (#3315).
  • Add type hints (#3215, #3216, #3214, #3280).
  • Use Python3 enums (#3291).
  • Use python3 new style classes (#3290).
  • Documentation updates (#3222, #3246, #3261, #3292, #3295, #3302).
  • Performance test improvement (#3278, #3287, #3289, #3325).
  • Use singleton when creating context objects (#3193).
  • Fix non-existent report directory test (#3250).
  • Fix unused import (#3264).
  • Compile test project with c++11 explicitly (#3283).
  • Add semicolon to web Makefile (#3298).
  • Ignore errors when removing workspace directories (#3300, #3329).
  • Refactor process runner function (#3307).
  • Enable cyclic-import and consider-iterating-dictionary checks (#3314).
  • Fix running tu_collector test target (#3334).

- Python
Published by csordasmarton almost 5 years ago

codechecker - v6.15.2

:exclamation: :exclamation: :exclamation: Non-backward compatible changes :exclamation: :exclamation: :exclamation:

  • When a checker name and the alias of this checker are both turned on, Clang Tidy (>=v11) will generate only one report where the checker names are concatenated with a comma (e.g.: cppcoreguidelines-avoid-magic-numbers,readability-magic-numbers). Unfortunately in previous CodeChecker releases we didn't handle this use case properly and we generated only one report from it. We changed this behaviour in #3238 so multiple reports will be generated for each checker name / alias if both are enabled.
  • From this release, the CodeChecker analyze command will indicate only the success and failure of analysis by zero and non-zero exit codes respectively. Before, the analysis subcommand returned with 2 if there was any report in the analysis. From this release, it will return with 0 if the analysis was successful, irrespective of the number of reports. The CodeChecker parse and CodeChecker cmd diff subcommands will return with value 2 if there is at least one (not suppressed) report in the result set (#3232, #3255).

The return values of the subcommands are as follows:

  • CodeChecker analyze
    • 0 - Successful analysis
    • 1 - CodeChecker error
    • 3 - Analysis of at least one translation unit failed
    • 128+signum - Terminating on a fatal signal whose number is signum
  • CodeChecker parse
    • 0 - No report
    • 1 - CodeChecker error
    • 2 - At least one report emitted by an analyzer
  • CodeChecker check
    • 0 - No report
    • 1 - CodeChecker error
    • 2 - At least one report emitted by an analyzer
    • 3 - Analysis of at least one translation unit failed
    • 128+signum - Terminating on a fatal signal whose number is signum
  • CodeChecker cmd diff
    • 0 - No difference between baseline and newrun
    • 1 - CodeChecker error
    • 2 - There is at least one report difference between baseline and newrun
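A CI gate built on the exit codes listed above, as an added example that is not part of the release notes or the project's own code. It fails closed: only exit code 0 from both analyze and cmd diff passes, so a tool error or a crashed analysis is never read as "no new reports". CODECHECKER_BIN and the function names are assumptions made for the example; the CodeChecker commands are the ones shown on this page.

```shell
#!/bin/sh
# Added example (not CodeChecker's own code): fail-closed CI gate that
# interprets the documented exit codes of `analyze` and `cmd diff`.

# Hypothetical override so the gate can call a wrapper instead of the binary.
CODECHECKER_BIN=${CODECHECKER_BIN:-CodeChecker}

# classify SUBCOMMAND EXIT_CODE
# Prints: ok | clean | findings | tool-error | analysis-failed | signal-N | unexpected
classify() {
    sub=$1
    rc=$2
    case "$sub:$rc" in
        analyze:0)              echo ok ;;
        parse:0|check:0|diff:0) echo clean ;;
        *:1)                    echo tool-error ;;
        parse:2|check:2|diff:2) echo findings ;;
        analyze:3|check:3)      echo analysis-failed ;;
        *)
            # 128+signum is listed for analyze and check only. Anything else,
            # including "analyze" returning 2 (the behaviour before this
            # change), is unexpected so an old or wrapped binary fails the gate.
            if [ "$rc" -gt 128 ] && { [ "$sub" = analyze ] || [ "$sub" = check ]; }; then
                echo "signal-$((rc - 128))"
            else
                echo unexpected
            fi ;;
    esac
}

# gate COMPILE_DB REPORT_DIR BASELINE
# Returns 0 = no new report, 1 = new reports, 2 = result cannot be trusted.
gate() {
    db=$1
    out=$2
    base=$3

    a_rc=0
    "$CODECHECKER_BIN" analyze "$db" -o "$out" || a_rc=$?
    verdict=$(classify analyze "$a_rc")
    if [ "$verdict" != ok ]; then
        echo "gate: analyze exited $a_rc ($verdict); refusing to diff partial results" >&2
        return 2
    fi

    d_rc=0
    "$CODECHECKER_BIN" cmd diff -b "$base" -n "$out" --new || d_rc=$?
    verdict=$(classify diff "$d_rc")
    case "$verdict" in
        clean)    return 0 ;;
        findings) echo "gate: new reports compared to $base" >&2; return 1 ;;
        *)        echo "gate: cmd diff exited $d_rc ($verdict)" >&2; return 2 ;;
    esac
}

# Run the gate when called as:
#   gate.sh ./compile_commands.json ./reports ./reports.baseline
if [ "$#" -eq 3 ]; then
    gate "$@"
    exit $?
fi
```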

Analyze improvements / fixes

  • Fix target attribute of the log parser (#3184).
  • Fix parsing clangsa analyze help (#3206).
  • Fix ccache compiler detection (#3204).
  • Handle no analyzer use cases (#3194).
  • Fix cleanup metadata (#3192).
  • Expose --suppress option to the check sub-command (#3231).
  • Fix duplication warning when creating failed zip (#3213).
  • Handle Clang Tidy aliases in plist files (#3238).
  • Removing noisy checkers from the sei-cert guideline (#3256).

CLI (parse, diff, etc.) improvements / fixes

  • Change exit codes (#3232, #3255).
  • Fix file path in codeclimate output (#3202).
  • Fix source content change error when diffing remote runs (#3191).
  • Handle suppression properly in diff command (#3189).
  • Fix for the SpotBugs report converter (#3237, #3247).
  • Improve error message when cmd diff fails on user input (#3240).

Server improvements / fixes

  • Configure keepalive (#3167).
  • Wrap bugstep messages (#3177).
  • Fix database status in product name column (#3185).
  • Set filter properly when clicking on the diff count in the statistics page (#3230).
  • Fix getting analysis statistics (#3229).

Other fixes

  • Fix context of the docker github action (#3181).
  • fix run_codechecker.sh (#3234).

- Python
Published by csordasmarton about 5 years ago

codechecker - v6.15.1

News

  • CodeChecker is now available in the Snap Store and can be installed easily with the following command: sudo snap install codechecker --classic.
  • We have enabled Github Discussions in our repository. Now if you have any question or an idea you have to create a new discussion instead of an issue. Bug reports still have to be created as an Issue.
  • Our Roadmap for 2021 is available here: https://github.com/Ericsson/codechecker/projects/15
  • We moved from Travis CI to Github Actions (#3066, #3086, #3131).
  • Unfortunately one of our core team members, @gyorb, left the project due to getting busy with other tasks. We wish you all the best and thank you very much for your hard work in the CodeChecker project 😊. Nevertheless, we hope that one day you return to contributing! :smirk:

CLI related improvements/fixes

  • Sphinx documentation generator tool parser (#3017).
  • Show comments when using CodeChecker cmd results --details command (#3005).
  • Using tags names in diff commands (#3144).
  • Fix json and html output when both formats are selected (#3059).
  • Unique lines when collecting statistics (#3028).
  • Diff resolved reports of remote to local (#3129).
  • Collect CTU-involved files in the report directory (#3029).
  • Fix double clang-tidy config flags (#3157).
  • Do not allow ctu-ast-mode in non-CTU mode (#3146).
  • Handle duplication warning at store (#3159).
  • CodeChecker log debug logs go to report dir (#3166).
  • Opt-in fix escape in logger in case of backslash, CR, LF (#3169).

Server improvements/fixes

  • Configure keepalive (#3167).
  • LDAP authenticated users default permissions (#3072).
  • Source code comment parsing with trim path (#3078).
  • Change review status date only if necessary (#3123).
  • Print API function name in server logs (#3105).
  • Fix multiple negative file path in source component filter (#3051).
  • Fix LDAP authentication exception (#3073).
  • Verify TLS certificate in LDAPS connection (#3083).
  • Log unsuccessful authentication requests (#3148).
  • Add more info log to the store API function (#3165).
  • Fix quotes in system comments (#3094).

GUI improvements/fixes

  • Add shortcut links to the product page (#3100).
  • Show a progress bar while removing a run is in progress (#3046).
  • Sort runs in ascending order by the latest storage date by default (#3071).
  • Show both review and detection status icons in the Report Tree view (#3037).
  • Outstanding reports chart day view (#3054).
  • Set required field for product config form (#3056).
  • Handle missing report (#3102).
  • Fix undefined getRunIds API function in Baseline Run filter (#3043).
  • Fix checker statistics difference (#3130).
  • Fix links in statistics tables (#3067).
  • Fix getting analyzer statistics for runs (#3152).
  • Refactoring product overview page (#3147).
  • Usability improvements (#1522, #3041, #3042).

Documentation updates

  • Documentation for report identification (#3070).
  • Extend documentation for detection status (#3038).
  • Describe the usage flow in the main readme (#3069).
  • Show command line features in the main readme (#3068).
  • Full GUI userguide rewrite (#3080).
  • Other fixes (#3040, #3101, #3154).

Package updates

  • We changed our thrift requirements from 0.11.0 to 0.13.0 (#3032).
  • We upgraded lxml requirements from 4.5.0 to 4.6.2 (#3127).

Milestone

For more detailed information check the milestone of this release.

Contributors

Big thanks to everyone who helped us creating this release: @jay24rajput, @rasjani, @jimis, @engr-basit, @startergo.

- Python
Published by csordasmarton over 5 years ago

codechecker - v6.15.0

New features

Web UI

  • There is a brand new product statistics overview page with the information about the recently introduced or resolved reports or about the distribution of the reports in the product. #2986
  • The run history list was moved from a separate tab to an expandable list under each run at the run list. This makes it easier to find the relevant run history entries for each run. #2953
  • New report info button to show more information about a report at the report details page (run name, detection/fix date ...) #2961
  • Source components can be used to create and save file path filters with a name to show results only from those parts of the analyzed project. With the newly introduced other component every report which does not belong to any other component can be filtered. #2989

Command line interface (CLI)

  • New exit status numbers for the CodeChecker analyze and check commands for better CI integration #2943:
    • 0 - Successful analysis and no new reports
    • 1 - CodeChecker error
    • 2 - At least one report emitted by an analyzer and there is no analyzer failure
    • 3 - Analysis of at least one translation unit failed
  • Gerrit output format is available for the parse subcommand. This output format was only available for the CodeChecker cmd diff command in the previous releases. With this change the parse command can be used for the gerrit integration too #2745: CodeChecker parse analyzer_reports -e gerrit

Report storage support for new source code analyzers

  • Report conversion and storage support is available for multiple new source code analyzer tools (Coccinelle #2949, Smatch #2968, Kernel-Doc #2981). The report-converter tool can be used to convert the output of these analyzers to a format which can be stored to the web server or processed by other CodeChecker commands (parse, cmd diff ...). For more information about the tool configuration and usage check out the user documentation:

Changes

  • Open reports date filter was renamed to "Outstanding reports on a given date" on the web UI. #2990 Also a new --outstanding-reports-date CLI filter argument was introduced as a filter option.
  • Less code styling related checker groups are enabled by --enable-all flag. The --enable-all flag enabled a lot of style checkers which could generate a lot of styling reports. #3013

Further improvements worth mentioning

  • Allow users to overwrite location of the session file #2976
  • Show how many filter items are visible at the filter tool tip if there are more items #2862
  • Show selected filter items at Review status filter #2940
  • Improve component statistics page load performance #3018
  • Enable search and highlight occurrences of the selected text at the source code view #3011
  • Set analyzer name for clang-diagnostic checkers when the reports are stored #2956
  • Reintroduce skipfile script for gerrit integration to be able to analyze only the changed files. #3008
  • New severity levels for cppcoreguidelines-prefer-member-initializer, altera-struct-pack-align and bugprone-redundant-branch-condition checkers #2954, #2948

Other improvements and bugfixes

For the full list of changes and improvements check out the milestone

Contributors

Big thanks to everyone who helped us creating this release: @bulwahn, @gargaroff, @jay24rajput, @sudipm-mukherjee, @meghajain-1711, @dl9pf, @sylvestre, @jimis, @jgalenson,

- Python
Published by gyorb over 5 years ago

codechecker - v6.14.0

New features

New statistics page in the Web UI

The statistics page got a new design with a lot of new features:

  • statistics shown in separate tabs instead of one page for better visibility
  • new, component statistics page, where reports are distributed per statistics, components can represent a part of a repository (directory, files)
  • statistics comparison mode: you will be able to compare the report statistics of two different analysis runs or time snapshots
  • diff and review status filters are available on the statistics page #2897

Redesigned date selectors for the web UI filter and CLI

You will be able to list the open reports of your project for any date. Open reports at a date are those which were detected BEFORE the given date and NOT FIXED BEFORE the given date. From the CLI the open reports can be queried like this:

```sh
CodeChecker cmd results --open-reports-date 2020:09:11:12:20 --url ...
```

Remember filters when navigate between pages

Filters are remembered during navigating between the pages. The report list and statistics related filters are saved separately.

#2913

Show analyzer name alongside the reports

Analysis results from multiple static analyzers can be stored to the database, with this change for each report the analyzer name can be viewed which produced the result.

#2717

Always show similar reports

Reports with the same hash can be seen in a drop down list for each report without uniqueing #2896

Enable and disable checker profiles and guidelines (like sei-cert) in the analyzer CLI.

There is a new syntax extended with guideline support which can be used to enable checker sets. With the new syntax the checkers, profiles and guidelines can be enabled or disabled even if there is a conflict in their name. The arguments may start with the profile: or guideline: prefix, which makes the choice explicit. Without a prefix the argument means a profile name, a guideline name or a checker group/name, in this priority order.

```sh
CodeChecker analyze -o reports -e profile:sensitive -e guideline:sei-cert compile_command.json
```

Use these commands to list the available profiles: CodeChecker checkers --profile list or guidelines: CodeChecker checkers --guideline

New report converter for Markdownlint results

The reports from Markdownlint can be converted and stored to the report server like this:

```sh
# Run Markdownlint.
mdl /path/to/your/project > ./mdl_reports.out

# Use 'report-converter' to create a CodeChecker report directory from the
# analyzer result of Markdownlint.
report-converter -t mdl -o ./codechecker_mdl_reports ./mdl_reports.out

# Store Markdownlint reports with CodeChecker.
CodeChecker store ./codechecker_mdl_reports -n mdl
```

#2829

The codechecker config file was extended with a parse section which can be used by the parse subcommand.

It can be used to set the path prefixes in the CodeChecker config file which should be trimmed by the parse subcommand when the reports are printed:

```json
{
  "parse": [
    "--trim-path-prefix",
    "/$HOME/workspace"
  ]
}
```

The config file for the parse command can be set like this: CodeChecker parse report --config codechecker_cfg.json #2885

Environment variables can be used in the CodeChecker config file, they will be expanded automatically

```json
{
  "analyzer": [
    "--skip=$HOME/project/skip.txt"
  ]
}
```

#2877

Changes

On-demand Cross Translation Unit Analysis will be the default CTU analysis mode

The On-demand CTU analysis support introduced in the previous release is enabled by default now if the used clang static analyzer supports it. CTU analysis will be performed without the huge temporary disc space allocation.

With the --ctu-ast-mode option the analysis mode can be switched back to the old behavior if the new one consumes too much memory: CodeChecker analyze --ctu-ast-mode load-from-pch ....

Further improvements worth mentioning

  • Collect compiler information in case of clang mismatch #2872
  • Log enabled checkers at the beginning of analysis #2858
  • Add severity to statistics html page #2899
  • Improve source component filter performance #2857
  • Options specified on the command line after the --config option will override options specified in the config file #2883
  • Compile command logging for make versions newer than 4.3 is fixed #2689

Full list of changes

View the milestone for the complete list of changes in this release.

Contributors

Big thanks to everyone who helped us creating this release: @sylvestre @gocarlos

- Python
Published by gyorb over 5 years ago

codechecker - v6.13.0

New feature highlights

New web UI

In this release the UI framework was completely replaced to increase usability, stability and performance. The new framework allows a lot of improvements like:

  • faster page load
  • faster navigation
  • improved front-end testing
  • less load on the server

With the new UI the permalinks are backward compatible so the saved URLs should work as before. In addition to the UI improvements there is a new feature: if Unique reports is enabled on the reports view, there is a drop-down list for each report showing the similar reports with the same report hash (but maybe with a different execution path).

Note! When building the package nodejs newer than v10.14.2 is required! Please check the install guide for further instructions on how to install the dependencies.

Apply checker fixits

Some checkers in Clang-Tidy can provide source code changes (fixits) to automatically modify the source code and fix a report. This feature can also be used to modernize the source code. To use this feature the clang-tidy analyzer and the clang-apply-replacements tools need to be available in the PATH. During the clang-tidy analyzer execution the fixits are automatically collected.

```sh
CodeChecker analyze -o report_dir -j4 -e modernize -e performance -e readability compile_command.json --analyzers clang-tidy
```

Use the CodeChecker fixit report_dir command to list all collected fixits. Fixits can be applied for a source file automatically like this:

```sh
CodeChecker fixit report_dir --apply --file "*mylib.h"
```

or in interactive mode where every source code modification needs to be approved:

```sh
CodeChecker fixit report_dir --interactive --file "*mylib.h"
```

Fixits can be applied based on a checker name, so to clean up all the readability-redundant-declaration results execute this command:

```sh
CodeChecker fixit report_dir --apply --checker-name readability-redundant-declaration
```

Coding guideline mapping to checkers (SEI-CERT)

There are coding guidelines (SEI-CERT, C++ Core Guidelines, etc.) which contain best practices on avoiding common programming mistakes. To easily identify which checker maps to which guideline, the --guideline flag was introduced.

To list the available guidelines where the mapping was done, use this command:

```sh
CodeChecker checkers --guideline
```

The checkers which cover a selected guideline can be listed like this:

```sh
CodeChecker checkers --guideline sei-cert
```

To find out which checker checks the sei-cert rule err55-cpp, execute the command below; its output shows that the bugprone-exception-escape checker should be enabled if the err55-cpp rule needs to be checked.

```sh
CodeChecker checkers --guideline err55-cpp
bugprone-exception-escape
```

More detailed information about the checkers and the guideline mapping can be found by executing this command:

```sh
CodeChecker checkers --guideline sei-cert --details
```

Makefile output

CodeChecker can generate a Makefile without executing the analysis. The Makefile will contain all the necessary analysis commands as build targets. With this Makefile the analysis can be executed by make or by some distributed build system which can use a Makefile to distribute the analysis commands.

Locally with a simple make it can be executed like this:

```sh
CodeChecker analyze --makefile -o makefile_reports compile_command.json
make -f makefile_reports/Makefile -j8
```

On demand CTU analysis support

With this new flag (--ctu-ast-mode) the user can choose the way ASTs are loaded during CTU analysis. There are two options:

  • load-from-pch (the default behavior now, works with older clang versions v9 or v10)
  • parse-on-demand (needs clang master branch or clang 11)

The mode 'load-from-pch' can use significant disk space for the serialized ASTs. The 'parse-on-demand' mode can incur some runtime CPU overhead in the second phase of the analysis but uses much less disk space.

Execute this command to enable the on-demand mode:

```sh
CodeChecker analyze -j4 -o reports_ctu_demand --ctu --ctu-ast-mode parse-on-demand
```

See the pull request for more information.

Disable all warnings like checker groups

Clang compiler warnings are reported (by clang-tidy) under checker names starting with clang-diagnostic-. Previously they could only be disabled one by one. In this release the warnings can be disabled with the corresponding checker group:

```sh
CodeChecker analyze --analyzers clang-tidy -d clang-diagnostic
```

IPv6 support

The CodeChecker server can be configured to listen on IPv6 addresses.

Performance improvements

  • diff command printing out source code lines got a performance improvement #2772
  • report storage performance got improved #2804

Changes

  • DEPRECATED flag! --ctu-reanalyze-on-failure flag is marked as deprecated and it will be removed in one of the upcoming releases. It will be removed because the Cross Translation Unit (CTU) analysis functionality got more stable in the Clang Static analyzer so this feature can be removed.

Other improvements and changes

There are a lot of further improvements and bug fixes in this release. The full list of changes can be found here.

Contributors

Big thanks to everyone who helped us creating this release: @sylvestre @thresheek

- Python
Published by gyorb almost 6 years ago

codechecker - v6.12.1

Feature change!

The incremental analysis extension feature introduced in v6.12.0 was changed in #2786! Getting the c/cpp files that are dependencies of a changed header is not done automatically from now on; the user has to generate the c/cpp file list which should be analyzed. To support this use case the tu_collector tool was extended to be able to generate the dependency source file list like this:

```sh
tu_collector --dependents -l ./full_compilation_database.json -f "*/main.h"
```

Additional helper scripts and examples showing how to analyze the source and header files which were modified in a git commit can be found in the tu_collector documentation.

Bugfixes

  • The parse command could not generate HTML output files #2771
  • Fix analyzer --file option. The reports from the included header files should not be skipped #2788
  • Fix update comments if the message did not change #2780
  • Fix source component update error #2778
  • Fix run history tag filter #2769
  • Fix tidyargs file encoding error #2767
  • Fix segmentation fault in the compile command logger #2768
  • The wrong codechecker_api version was used in the developer virtual environments #2770
  • The hash overwrite feature crashed if the plist report file was missing #2779

- Python
Published by gyorb almost 6 years ago

codechecker - v6.12.0

New feature Highlights

Show clang-tidy reports in headers

Clang-tidy reports are shown from headers (non system) now, this change can increase the number of new results!
Use the following analyzer configuration to turn back the old behavior by setting the HeaderFilterRegex value to an empty string:
CodeChecker analyze compile_command.json --analyzer-config clang-tidy:HeaderFilterRegex=\"\"

Python 3 only

Because of the Python 2 sunset at the beginning of 2020, CodeChecker was ported to Python 3; the minimal required version is 3.6. Because of the Python version change and because a lot of 3pp dependencies were updated, it is required to remove the old virtual environment and create a new one to build the package!

Store results from multiple static and dynamic analyzer tools

Starting with this version CodeChecker can store the results of multiple static and dynamic analyzers for different programming languages:

  • Facebook Infer (C/C++, Java)
  • Clang Sanitizers (C/C++)
  • Spotbugs (Java)
  • Pylint (Python)
  • Eslint (Javascript)
  • ...

The complete list of the supported analyzers can be found here. To be able to store the reports of an analyzer a report converter tool is available which can convert the reports of the supported analyzers to a format which can be stored by the CodeChecker store command.

New build and CI system features and improvements

GitLab integration

Inside a GitLab Runner CodeChecker can be executed to provide a code quality report for each GitLab review request. The codeclimate json output format was added to the CodeChecker parse and CodeChecker cmd diff commands to generate a json file which can be parsed by GitLab as a quality report. See the GitLab integration guide for more details on how to configure the GitLab runners and CodeChecker.

Gerrit

Integration was simplified, no extra output parsing and converter scripts are needed. The CodeChecker cmd diff -o gerrit ... command can generate an output format which can be sent to gerrit as a review result.

Bazel build system support

Compilation commands executed by the Bazel build system can now be logged with the CodeChecker logger to run the static analyzers on the source files. Check out the Bazel build system integration guide for more details.

Compilation errors as reports

Compilation errors that occur during the analysis are now captured as reports by the clang-diagnostic-error checker. These reports can be disabled like any other checker:
CodeChecker analyze --disable clang-diagnostic-error ...

Analyzer and checker configuration from the command line

The Clang and Clang-tidy static analyzers and the checkers can be configured from the command line with the newly introduced --analyzer-config and --checker-config options.

Analyzer configuration

Use these commands to list the available analyzer config options (use the --details flag for the default values and more description):

  • CodeChecker analyzers --analyzer-config clangsa
  • CodeChecker analyzers --analyzer-config clang-tidy

A Clang Static Analyzer configuration option can be enabled during analysis like this:
CodeChecker analyze compile_command.json -o reports --analyzer-config clangsa:suppress-c++-stdlib=false -c

Checker configuration

Use the CodeChecker checkers --checker-config command to list the checker options, or the CodeChecker checkers --checker-config --details command to get the checker options with the default values.

A checker option can be set like this:
CodeChecker analyze compile_command.json -o reports -e cplusplus.Move --checker-config clangsa:cplusplus.Move:WarnOn="All"

Select only a few files to be analyzed from the compile command database

There is no need for a complex skip file or for smaller compile command database files to run the analysis on only a few files. With the --file option the important files can be selected; the analysis of the other files will be skipped.
CodeChecker analyze compile_command.json --file "*main.cpp" "*lib.cpp"

Incremental Analysis Extension: Analyze c/cpp files that are dependencies of a changed header

Header files cannot be analyzed without a c/cpp file. If a skip file marks a header file for analysis (with a "+" tag) like this:
+*lib.h
-*
then CodeChecker tries to find all the c/cpp files that include that header file and runs the analysis on those c/cpp files too, so that the header file gets analyzed. The only limitation is that the full compilation database is required to collect this information.
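The selection described above can be sketched as follows. This is an added example, not CodeChecker's own code: the function names, the first-matching-rule-wins evaluation, and the constructed compilation database and header dependency map are all assumptions made for illustration.

```python
import fnmatch
import json

# Constructed skip file with the same two rules as in the release note.
SKIP_FILE = "+*lib.h\n-*\n"

# Constructed compilation database (stands in for compile_command.json).
COMPILE_DB = json.loads("""
[
  {"directory": "/proj", "command": "g++ -Iinclude -c src/main.cpp", "file": "/proj/src/main.cpp"},
  {"directory": "/proj", "command": "g++ -Iinclude -c src/lib.cpp",  "file": "/proj/src/lib.cpp"},
  {"directory": "/proj", "command": "g++ -Iinclude -c src/util.cpp", "file": "/proj/src/util.cpp"}
]
""")

# Constructed header dependencies per translation unit. In practice this
# information has to be derived from every entry of the full compilation
# database, which is why a reduced database is not enough.
HEADER_DEPS = {
    "/proj/src/main.cpp": ["/proj/include/lib.h", "/proj/include/util.h"],
    "/proj/src/lib.cpp": ["/proj/include/lib.h"],
    "/proj/src/util.cpp": ["/proj/include/util.h"],
}


def parse_skip_rules(text):
    """Turn skip file lines into (analyze, glob_pattern) pairs, in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line[0] not in "+-":
            raise ValueError("skip rule must start with '+' or '-': %r" % line)
        rules.append((line[0] == "+", line[1:]))
    return rules


def first_match(path, rules):
    """Return True/False for the first rule matching path, None if none match.

    Assumption: rules are evaluated top to bottom and the first match decides.
    """
    for analyze, pattern in rules:
        if fnmatch.fnmatchcase(path, pattern):
            return analyze
    return None


def select_translation_units(compile_db, header_deps, rules):
    """Map each source file that must be analyzed to the '+' headers that
    pulled it in (an empty list means the source itself was not skipped)."""
    selected = {}
    for entry in compile_db:
        source = entry["file"]
        if first_match(source, rules) is not False:
            selected[source] = []
            continue
        # The source is skipped by itself; keep it only if it includes a
        # header that is explicitly marked with "+".
        wanted = [h for h in header_deps.get(source, [])
                  if first_match(h, rules) is True]
        if wanted:
            selected[source] = wanted
    return selected


if __name__ == "__main__":
    picked = select_translation_units(
        COMPILE_DB, HEADER_DEPS, parse_skip_rules(SKIP_FILE))
    for source, headers in sorted(picked.items()):
        print(source, "<-", ", ".join(headers) or "not skipped")
```

Without the dependency information every source file matches `-*` and nothing is analyzed, so the changed header would silently drop out of the analysis.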

CodeChecker CLI configuration files

The CodeChecker commands can be saved in a config file, which can be put into a version control system or distributed between multiple developers much more easily. In the previous release, v6.11.0, support for the analyzer configuration file was added. In this release it was extended to the web server related commands (store, server) so they can be stored in a configuration file too.
It is no longer necessary to type out the options on the command line every time the analysis reports are stored.
With an example store_cfg.json config file like this:
{
  "store": [
    "--name=run_name",
    "--tag=my_tag",
    "--url=http://codechecker.my/MyProduct"
  ]
}
the CodeChecker store command can be this short:
CodeChecker store reports --config store_cfg.json

Other new features worth mentioning

  • The review comments in the source code are shown by the CodeChecker parse command
  • A free text description can be stored for every run, which can contain any compilation or analysis related description.
    CodeChecker store --description "analysis related extra information" ...

Removed command line options

These CodeChecker check and CodeChecker analyze options were already deprecated and were removed in this release:

  • -f/--force
  • --add-compiler-defaults

Other improvements and changes

There are a lot of improvements and bug fixes in this release. The full list of changes can be found here.

License change

This is the last release with the NCSA license. The new license after this release will be: "Apache 2.0 with LLVM Exception", SPDX License Identifier: "Apache-2.0 WITH LLVM-exception"

Contributors

Big thanks to everyone who helped us create this release: @itzurabhi, @tilya, @themightyoarfish, @rpavlik, @sylvestre

- Python
Published by gyorb about 6 years ago

codechecker - v6.11.1

Improvements

  • Handle two kinds of implicit includes differently (gcc include-fixed and *intrin.h headers) #2562 #2541
  • Filter out include directories containing *intrin.h header files #2569
  • Add -fno-keep-static-consts flag to gcc ignore list #2568

Bugfixes

  • Translation unit collector did not detect CCache in the build commands #2524
  • Fix row output type in command line #2547
  • Number of reports was not calculated right for parse command #2539 #2556 #2550
  • Path normalization fix for the file skip feature #2548
  • Fix error when query limit is larger than max limit #2533
  • CodeChecker check no longer works analyzer #2505 #2506 #2532
    • fixes the problem where ClangSA is not available in the PATH

Changes

  • Do not enable all modernize checkers in sensitive profile #2502 #2558

- Python
Published by gyorb over 6 years ago

codechecker - v6.11.0

New Feature highlights

  • Show system comments for bugs GUI #746
    Review status changes by the users are automatically stored and shown at the report comment section for each report. With this feature the status changes of the reports can be easily tracked.

  • Introduce different compiler argument filtering if the original compiler was clang #2382 #2482
    If the original compiler used to build a project was clang/clang++ only a minimal compilation flag filtering or modification is done. In the case where the original compiler was gcc/g++ many non compatible compiler flags were filtered which is not required if the original compiler is clang.

  • Store the Cppcheck plist reports #2474
    Plist reports generated by Cppcheck can be stored by the CodeChecker store command. For a more detailed example how to configure Cppcheck to generate the reports in the right format see the documentation.

  • CodeChecker config file support for the analysis arguments #427 #2268
    The arguments for a CodeChecker analyze command can be given in a config file. A more detailed description about the usage and the config file format can be found here.

  • Log compile commands with absolute paths #2447
    With the introduction of a new environment variable (CC_LOGGER_ABS_PATH) the compiler include paths will be converted to an absolute path. This conversion can be necessary if the compiler command database created by CodeChecker will be used by other static analyzers (E.g. Cppcheck).

  • Enforce taking the analyzers from PATH #2378
    With the newly introduced environment variable the usage of the static analyzers in the PATH can be forced even if the configuration contains analyzers not from the PATH.

  • List ClangSA checker options #2425
    The Clang Static Analyzer options can be listed now (requires clang v9.0.0 or newer). Use the command CodeChecker analyzers --dump-config clangsa to print the static analyzer configuration.

  • Support json output for parse command #2424
    The parse command can generate json output from the reports if required:
    CodeChecker parse -e json analyzer_reports

  • Use CodeChecker parse with multiple directories #2384
    The CodeChecker cmd parse command now accepts multiple directories to parse the reports from.

  • Update the name of a run from the command line #1778

Improvements and bug fixes

Analyzer

  • Detect -MG as a precompilation flag #2472
  • CodeChecker analyze and parse fails for non ascii. #2454
  • Document some new checkers #2445
  • Incorrect full path reconstruction for -include #2440
  • Resolve symlinks of compiler binaries #2430
  • Add missing lxml dependency to the analyzer #2414
  • Document two new checks #2405
  • Replace analyzer option api-metadata-path with package option APIMetadataPath #2403
  • Skip handler must be run before compiler options parsing not after #2396
  • Incremental analysis failures on the same file results in stupid failure ZIP #2395
  • Do not count a number of skipped actions in progress log #2394
  • 'aggressive-binary-operation-simplification' should be clang version dependent #2390
  • Do not load plugins when CC_ANALYZERS_FROM_PATH is used #2483
  • Print a log message when overwriting a plist file #2375
  • Ignore -mllvm option #2374
  • Fix taint issue #2426
  • Fix missing analyzer binary #2437
  • Fix failure zip #2444
  • Fix handling '--sysroot=' flag format #2453
  • Handle enabled checker per profile for ClangSA #2337
  • Do not disable all clang static analyzer checkers unconditionally #2386
  • Less argument processing if skip file used without ctu and stats #2462
  • Set io.open encoding to utf-8 #2484
  • Add 4 new checker severity levels #2485
  • some specific Xclang arguments modify the output #2492

Web

  • args.config has been renamed to args.config_file #2478
  • Can not delete run #2473
  • Always generate a new token on login #2423
  • Use saved credentials if auto login is enabled #2421
  • Trim white spaces from the user name when adding new permissions to it #2420
  • Fix personal access token generation #2413
  • Add a heartbeat and readiness URL #2410
  • Keep the selected sub tab on run tab switch #2401
  • Run tab switch jumps back to previous tab #2400
  • Disable run limitation #1949
  • Fix hiding tooltip of the source component filter item #2489

Other

  • Documentation for cppcheck report storage #2481
  • Remove SimpleStream checker from sensitive profile #2480
  • Extra comments for clang compiler change in travis #2469
  • Bump up the minimal required clang version #2468
  • OSX does not have include-fixed in its include path #2464
  • The existence of a config file influences the test #2463
  • Fix test case for hasanalyzeroption #2460
  • Sort report lines for files #2459
  • Fix missing type imports for the tests #2456
  • Update to xcode10 in travis #2455
  • Upgrade tests to run with Clang 9.0.0 #2451
  • Remove fail zip first in case of write mode. #2450
  • Fix pylint errors #2448
  • Fix travis error code handling. #2446
  • Adding compilation database to JSON in tu_collector #2441
  • Revert "add label configuration for the github actions" #2438
  • Update authentication.md for codechecker.readthedocs.io publishing #2436
  • Fix thrift path on osx #2431
  • Fix pylint warnings #2422
  • Add more example how to use credentials #2416
  • Simplify Gerrit integration documentation #2415
  • Rename shared.thrift to codecheckerapishared.thrift #2406
  • Fix travis failure #2392
  • Add default values to the package_layout.json #2385
  • Refactoring package_layout.json file #2379
  • Increment CodeChecker version to 6.11.0 #2313
  • It is not possible to order runs by run name #2235
  • Support response files #2092
  • Introduce code owners file #2075

API changes

  • New filter options for CodeChecker cmd runs command #2343

Contributors

Big thanks to everyone who helped us create this release: @josod, @LebedevRI, @sylvestre, @hpwxf, @irishrover, @scphantm

- Python
Published by gyorb over 6 years ago

codechecker - v6.10.1

This is a bug fix release including many fixes and documentation updates. There are no new features or backward incompatible changes.

Bugfixes

Most important

  • Fix exception handling for HTTP POST requests #2331
    The improper handling of a possible exception caused the server to hang and not respond to the new requests.
  • Autocompletion for the login form #2276
    The login form will be autocompleted if the credentials are saved by the browser.
  • fix backslash in user name #2332
    LDAP user names containing a backslash caused exception at the server.
  • Skip lists should not be applied to the CTU pre-analysis step #2299
    To collect the required information for the CTU and statistics based analysis no source files are skipped from the compilation database at the pre-analysis step.
  • api modeling checkers should be enabled in all profiles #2305
  • Increase the severity of some checker that indicate Undefined Behaviour #2370
  • Removing alpha.security.MallocOverflow from the sensitive profile throws too many false positives #2366

compiler include path related fixes

  • Keep GCC include-fixed dirs in include paths #2272
    The include-fixed include paths of gcc might be required for the analysis, but that is project dependent. A new --keep-gcc-include-fixed flag is introduced so that projects can keep or remove these include paths for the analysis.
  • Additional -nostdinc[++] #2344, -stdlib #2303 compilation flags are considered at the implicit compiler include path detection, because they affect the list of the include paths.
  • Clang searches for builtin includes relative to the binary #2302
    Clang builtin include paths were added by an --isystem flag at a fixed place if the include files were in the package. Standard clang installations should not be affected by this change.

compilation command logging related fixes

  • Fix ld_logger crash #2309
    A crash during logging prevented the compilation commands from being collected.
  • Give absolute path in the CC_GCC_LOGGER_LIKE environment variable #2315
    If there are compiler wrapper scripts named the same way as the original compiler (gcc/g++), logging the original compiler was hard because the only difference was the path of the executable. With this change the execution of the original compiler can be logged too.

Analyzer

  • Fix Z3 refutation detection #2231
  • return 0 in case no analysis is needed #2255
  • Crash in splitting output of "clang -### ..." #2300
  • Plist files should contain absolute paths #2360
  • import getlogger in clangoptions.py #2296
  • CodeChecker disables apiModeling by default #2289
  • Introduce clang version dependent options #2287
  • fix env forwarding for the subprocess in ctu autodetect #2284
  • Fix a typo on setupprocesstimeout call #2281
  • -fstack-reuse is not supported by clang #2280
  • Determine language based on compiler name #2277
  • Remove skip list handler from common module #2274
  • remove argument handling class from common module #2254
  • move report parsing related code to the parse cmd #2252
  • fix context free report hash generation doc #2251
  • refactor suppress file handler #2250
  • Fix LOG.debug #2248
  • move proc timeout functions and tests to analyzer #2246
  • move getbinaryin_path to analyzer module #2245
  • Add tests for cmdline #2283

Web

  • Store analyzer version instead of CodeChecker version #2373
  • Upgrade JQuery to 3.4.1 #2345
  • Fix double scroll bar on the GUI #2334
  • Extend the help message of "CodeChecker cmd del" command #2325
  • indentation of the call graph is not always correct #2320
  • Make placeholder help for source components more descriptive #2310
  • "loading" label for unauthorized users #2307
  • Fix local session creation #2301
  • Fix comment update #2282
  • Fix pg8000 test command #2275
  • Revise how events are indented in a bug report #2269
  • Web GUI doesn't honor new lines for comments #2259
  • move profiler from common to server #2247
  • Impossible to delete run in the web GUI #2234
  • Fix reading worker_processes config value #2227
  • Fix source code comment regex #2356

Other

  • Description of incremental analysis using skipfile #2381
  • Remove whitespace characters at cmd results #2362
  • Buggy 'CodeChecker parse --print-steps' filename outputs when a report is ranging across TUs. #2358
  • Format main README.md #2355
  • Fix daily script #2316
  • packagelayout.json "ctufuncmapcmd" is not considered #2330
  • Update documentation #2323
  • ld_logger improvement #2317
  • gcc compiler flags against Spectre unknown by clang #2304
  • match for multiple digit clang versions in tests #2298
  • Update travis ci base image to bionic #2291
  • replace StackAddressEscape checker in analyzer tests #2288
  • Omit extra newlines while logging build commands #2286
  • Add standalone package target #2273
  • remove unused db version information #2270
  • create reports and project for the update test #2266
  • enable build matrix for travis #2261
  • tu_collector tests can be run independently #2253
  • update travis to clang8 #2244
  • Exception on regex characters in checker name #2241
  • Fix Clang version regex in tests #2239
  • bump up version to v6.10.1 #2225

API

  • Fix getDiffResultsHash API function #2265

Credits

Big thanks to everyone who helped us create this release: @gwangmu, @irishrover, @zingo

- Python
Published by gyorb over 6 years ago

codechecker - v6.10.0

Backward incompatible CLI change

  • CLI run name filter delimiter was changed from ":" to " ". With this change run names containing ":" can be filtered, which the previous solution did not allow. #2113

Analyzer

New Features

  • Add support to enable Z3 refutation. Use the Z3 theorem prover, if Clang is built with it, to cross-check the results of the Clang Static Analyzer. Using this solver can reduce the false positives produced by the range-based solver, and refutation should not increase the analysis time a lot. #2091 This feature is enabled by default if available.

  • Add support to enable Z3 Theorem Prover #2087 Use the Z3 theorem prover if Clang is built with it. In this case the built in range-based constraints solver will be replaced by Z3 in Clang Static Analyzer. The performance is worse than the default range-based constraint solver right now. It can be enabled by the --z3 flag.

  • Give warning if an enabled or disabled checker is missing or there was a typo in the checker name #2215

  • Clang warnings can be listed with the CodeChecker checkers --warnings #1693

  • Add --trim_path_prefix option for parser command #2076

Improvements

  • Multiple improvements and bug fixes for build environments with ccache #2202, #2126
  • Collect compiler information for multiple languages (C/C++) #2193
  • If available use lxml library to parse plist files to improve performance #2170
  • Skip sources argument when parsing the precompilation options #2072
  • Define severity for new checkers #2128, #2132, #2141
  • Adding clang8 checker naming related changes #2216
  • Try to autodetect mapping tool based on clang version, required for CTU analysis with clang8 and newer #2030
  • Improvements to log compilation commands during the build process #2131, #2160, #2139

Web

New Features

  • Filtering can be done based on the bug path length on the web UI #2197
  • CLI is now able to return the detailed bug path if required #2068
  • The diff command prints the summary of the results now #2165
  • New documentation and configuration files to create docker images for easier setup and installation #2038
  • New docker image is available on dockerhub

Improvements

  • Multiple performance improvements to speed up the storage and query of the results #2177, #2175, #2172, #2188, #2169, #2178, #2163, #2135
  • Case insensitive LDAP group search and comparison #2073
  • Don't allow users to see the results of a product where no permissions were set #2158
  • Send back a valid Thrift error response instead of HTTP error codes #2149
  • Implicit initial wildcard in search fields for easier search #2134
  • Multiple third party dependencies were updated (SQLAlchemy, psycopg2) #2079, #2181

Web API changes

  • Create separate API function to get analysis statistics #2182
  • Run history limitation was introduced #2177
  • getRunData limitation was introduced #2175
  • New API function is available to get check command #2172

Other bug fixes and improvements

You can find a more detailed list of changes here: milestone 6.10

- Python
Published by gyorb almost 7 years ago

codechecker - v6.9.1

New

  • Enabling expand-macros feature of clang #1994
    • Since clang v8 macros can be expanded in the reports. This feature is enabled by default in CodeChecker so the reports will always contain macro expansions for better report understanding.
  • Specify only a sub string of the checker name for suppression #2019
    • Source code review status comments will work with checker name sub strings (useful if a checker is moved between packages)
  • New security checkers profile #1054
    • New security profile with multiple security related checkers is available. Run CodeChecker checkers --profile security for the full list of checkers.

Changes

  • Added severity levels of yet uncategorized checkers and checker profiles were updated #2034

Default profile:

Added

  • alpha.cplusplus.UninitializedObject
  • bugprone-copy-constructor-init
  • bugprone-terminating-continue
  • bugprone-throw-keyword-missing
  • bugprone-unused-return-value
  • bugprone-virtual-near-miss
  • cert-fio38-c
  • cplusplus.InnerPointer
  • optin.cplusplus.VirtualCall

Sensitive profile:

Added

  • alpha.cplusplus.UninitializedObject
  • alpha.security.MmapWriteExec
  • bugprone-copy-constructor-init
  • bugprone-exception-escape
  • bugprone-macro-parentheses
  • bugprone-terminating-continue
  • bugprone-throw-keyword-missing
  • bugprone-unused-return-value
  • bugprone-virtual-near-miss
  • cert-dcl54-cpp
  • cert-err09-cpp
  • cert-fio38-c
  • cert-msc51-cpp
  • cplusplus.InnerPointer
  • optin.cplusplus.VirtualCall

Extreme profile:

Added

  • alpha.cplusplus.UninitializedObject
  • alpha.security.MmapWriteExec
  • bugprone-copy-constructor-init
  • bugprone-exception-escape
  • bugprone-macro-parentheses
  • bugprone-terminating-continue
  • bugprone-throw-keyword-missing
  • bugprone-unused-return-value
  • bugprone-virtual-near-miss
  • cert-dcl54-cpp
  • cert-err09-cpp
  • cert-fio38-c
  • cert-msc51-cpp
  • cplusplus.InnerPointer
  • cppcoreguidelines-narrowing-conversions
  • misc-unused-parameters
  • optin.cplusplus.VirtualCall
  • optin.performance.Padding
  • security.insecureAPI.bcmp
  • security.insecureAPI.bcopy
  • security.insecureAPI.bzero
  • security.insecureAPI.strcpy

You can get more information about the checkers here and here.

Improvements

  • Show supported analyzers at cmd checkers #2055
  • add readthedocs link #2041
  • introduce readthedocs #1935
  • add docs as a special route #2052
  • Gerrit-Jenkins integration is extended #2061
  • rename passwords json file in the doc #2035
  • add new mkdocs target to build the documentation #2026
  • update test documentation #1985
  • Resurrect --compiler-info-file analyze flag. #2039
  • [userguide] Disable review status change feature #2002
  • Travis clang back to 7 #2022
  • run brew cleanup only in osx in travis #2016
  • load only files with ".so" extension as a plugin #2014
  • Run python style tests before test target #2010
  • Improve web test performance #2004
  • Keep clang flags #2003
  • Update travis llvm version #1998
  • Create pip package from tu-collector #1995
  • Pip package from plist-to-html #1993
  • Increase performance of the travis jobs #1991
  • Add pylint and pycodestyle targets #1952
  • Add more test targets to the main Makefile #1951
  • Handle cases when plugin directory does not exist #1946
  • Use compiler_info.json file in debug scripts #1941
  • Give better error message on keyerror at package context #1933
  • Extend version file with git information #1931
  • Download external dependencies with Makefile #1929
  • Add example for CodeChecker cmd diff #1927
  • Tool to create new compiler info files from old ones. #1909
  • return error in case of wrong checker profile name #2059
  • create test case for mixed compilation x dependency file case #2050

plist to html tool improvements

  • Improve plist-to-html sort performance #2037
  • [plist-to-html] Ordering of reports #1973
  • [plist-to-html] Link to index.html #1972
  • [plist-to-html] Sort the reports in ascending order by file path #2054
  • [plist-to-html] Ordering reports #2028
  • collect statistics for plist to html parser #1035

Bug Fixes

  • The skipped flags are skipped in case of Clang too #2062
  • A compiler doesn't provide an architecture target #2067
  • fix missing sys import #2064
  • isystem path was set wrong #2060
  • fix profile listing on name conflict #2058
  • handle character decoding problems (locale mismatch) #1770
  • review status is not set #1647
  • filter based on detection date without setting the hour value #2048
  • detection date filter not set from url #2047
  • plist to html index.html sorting problem #2046
  • Fix package build #2029
  • Yet another logger fix #2027
  • Logging does not preserve escaped quotes #2025
  • Cleanup database on run remove #2018
  • Fix travis missing "then" keyword #2017
  • Refactoring docs #2013
  • Processing target architecture first in log parser #2008
  • Fix run_test target #2006
  • Fix default target call #2000
  • return an empty string at getting compiler includes #1997
  • Fix cleaning venv_dev #1996
  • Compile action contains bot compiler and preprocessor flags #1989
  • Fix authentication #1988
  • fix analyzer_statistics module import #1982
  • Introducing --compile-uniqueing parameter #1965
  • Fix run_test target #1958
  • Fix cleanup target #1950
  • Do not store failed files when using 6.9.0 version #1943
  • Fix failed source list of analysis statistics #1942
  • There is no way to jump to a note, like you can to events #1940
  • fix action list length check #1938
  • Fix verbosity in build scripts #1936
  • CodeChecker log generated json can't handle filenames with spaces #1366
  • Incorrection documentation about "cmd login" #1133

Source repository changes

This release contains many bug fixes and a large amount of source code refactoring. We started the refactoring to split up the source tree to easier manageable pieces. The work is not fully finished but we are close. Separating the main parts will allow us to release and develop them independently in the future.

The main new parts of the restructured repository are:

  • analyzer (run and configure the supported static analyzers)
    • tools/build-logger/ (log compiler invocations during build)
  • web (web server and client to store/query and manage the reports)
  • tools (independent tools which are used by the analyzer or web)
    • plisttohtml
    • tu_collector

You can find more details about the new layout here #1830

Refactoring

  • Move webserver unit tests under server #1955
  • allow to set the base wp dir from env variable for tests #1983
  • Allow to set workspace for web tests #1980
  • Reduce the number of travis matrices #1975
  • Cache downloaded binary osx packages on travis #1966
  • Skip generated files from tests projects in gitignore #1959
  • use templates to generate html files #2040
  • Create commands.json for sub-commands #1932
  • Create package directory #1977
  • Separate directory for analyzers #1976
  • call setup.py only in the target #2015
  • Refactoring web docs #2024
  • Revert back package build scripts to py2 #1945
  • remove py3 incompatible uppercase conversion #1923
  • python3 compatible exception cleanup #1922
  • Build the package before running functional tests #1954
  • cleanup make targets with/without virtualenv #2007
  • merge dev and test virtual environments #2005
  • Refactoring CONTRIBUTING.md file after split up #2011
  • Use Makefile to build CodeChecker package #1937
  • Refactoring generated CodeChecker dependency #1990
  • Refactoring plist to html #1986
  • Refactoring config files #1979
  • Add targets to build analyzer and web separately #1974
  • Rename libcodechecker to codechecker_common #1968
  • Remove .noserc from root #1967
  • Split up source repository #1964
  • Split up refactoring #1963
  • Fix CodeChecker version after split up #1962
  • Get analyzer_statistics module from analyzer #1961
  • Move some files to webserver common #1960
  • Split up docs #1956
  • Create separate contexts for analyzer and server #1953
  • Split up server/client handling parts #1944
  • Split up analyzer handling part #1939
  • Remove psycopg2 from analyzer requirements #1999
  • Prepare split up #1921
  • finish logging cleanup #1911
  • fix pylint old-style class warnings #1917
  • py3 fix iterator protocol (next method change) #1926
  • fix dict.items referenced when not iterating py3 #1925
  • fix dict item was referenced when not iterating py3 #1928
  • Move analyzer specific test projects under analyzer #1947
  • Move server related test projects under server #1948

- Python
Published by gyorb about 7 years ago

codechecker - v6.9.0

Release 6.9.0

New Features

  • New "OFF" and "UNAVAILABLE" detection statuses were introduced #1850
    A report is marked "OFF" if the checker is available but was turned off in a later analysis. A report is marked "UNAVAILABLE" if the checker was removed or renamed between different analyzer releases. These statuses influence the analysis statistics numbers, see the documentation for further details (diff calculation).
  • Disable review status change on the WEB UI #1825
    Review status changes for a product can be disabled by a product admin.
  • Improved logging for build systems using ccache #1864
  • Filter by detection date in command line #1899
  • CallAndMessageUnInitRefArg was removed from extreme profile #1897
  • Add run name filter to Codechecker cmd runs command #1849
  • Report uniqueing arguments in command line #1877
  • Handle compile errors and analyzer crash separately #1829
  • New documentation about report identification #1831
  • Add left/right arrow to the bug steps in the webui #1813
  • Add extra analyzer flag if the iterator checkers are enabled #1833
  • Highlight selected event in the generated html report #1893
  • Announcement banner. #1861

Improvements

  • Log optimization #1886
  • Do not convert notes to events #1882
  • Edit doxygen main page and add images #1884
  • Ignore encoding errors #1852
  • Warning when upgrading SQLite database #1858
  • Update architecture overview #1880
  • Correct way to convert clang-tidy .rst to .md correctly rendered by CodeChecker #1857
  • Show link to the ClangTidy site for ClangTidy checks in "Show Docs" #1848
  • Remove unused analyze arguments from User Guide. #1891
  • NFC: just sort checker names #1847
  • Add bugprone-parent-virtual-call check for clang-tidy v7+ #1843
  • Set user name in the HTTP response header #1828
  • Unnecessary signal handling in performance test. #1826
  • Write more info logs at the server #1824
  • Print statistics on signal #1823
  • upgrade boost before thrift install #1821
  • Freeze test requirements and move requirements.txt #1820
  • New dockerfiles for test environments #1819
  • Source venv before pycodestyle #1817
  • Upgrade test environment for clang7 #1816
  • Initial mkdocs support #1812
  • Documentation cleanup #1811
  • Bump up version to 6.9.0 #1809
  • Constructing config handler is the analyzer classes' responsibility #1788
  • Modify curl arguments for 3pp downloads #1718
  • Review sql queries #1700
  • Contradiction expensive to evaluate #864
  • Refactoring fail zip #1772
  • Add stats collector hook #1872
  • Option parser refactoring #1814
  • Make ImplicitCompilerInfo's methods static. #1892
  • Reformat usage guide for mkdocs #1832
  • Add tooltips to detection status filter items #1907

Bug Fixes

  • Add clang_analayzer macro to CTU pre analysis #1865
  • Fix --timeout as clang-sa spawned child processes are not killed now #1844
  • Tash files are created in cwd by --stats-collect #1881
  • Whitespace escaping in source path #1871
  • Fix HTML converter layout file default path #1894
  • Fix PlistToHTML bug path arrows #1889
  • Fix escaping in command line arguments #1888
  • Fix: macros are under diagnostics instead of path #1887
  • Test OSX Travis #1873
  • Fix default value of Boolean column at migration #1869
  • Option parser refactoring broke osx tests #1868
  • Combobox with False-positive/Intended/... is not shown on last revision #1863
  • Update postgresql in osx travis ci #1856
  • Fix running psql test cases #1846
  • Fix source code comment unicode error #1845
  • [CTU] Compiler default C++ dialect is not added when generating the PCH files #1838
  • Fix documentation (markdown syntax and typo) #1810
  • When many products are added (>30) the product list page takes ~6s to load #1730
  • If the json file is incorrectly formatted, show the impacted file #1665
  • Fix typo #1896
  • Fix slow boost build in travis #1822
  • Fix command line help message #1854
  • Small fixes found by PyCharm's static analysis #1837
  • Upload compiler_info.json #1900
  • Fix storage of analysis statistics test #1901
  • Store statistics if it contains failed zips #1902
  • Small log parser fixes. #1903
  • Enable statistics checkers before workers #1905
  • Fix password request for cmd #1910
  • Fix missing space in warning message #1912
  • Add missing future imports #1913

- Python
Published by gyorb over 7 years ago

codechecker - v6.8.1

Improvements

  • Select hash generation method #1801: the analyzer report hash generation algorithm can be selected in the command line
  • Add dates to the run tag list at report filter #1781
  • New documentation for Gerrit-Jenkins integration #1746
  • Don't parse command line options for skipped files. #1790
  • Improve optionparser.py::argcheck to reduce number of regexps compiled #1789
  • Log invalid LDAP credentials as warnings #1787
  • Preserve -nostdinc++ in command line, the same as for -nostdinc #1779
  • Slightly cleaner handling of constructing analyzers #1774
  • Option to do database migration without user interaction #1769
  • Print out which product is garbage collected #1767
  • Online server configuration file reload #1766
  • Handle SIGTERM to stop the server running. #1762
  • Remove trivial properties. Rename some files. #1759
  • Add missing python requirement. #1756
  • Add logo files #1750
  • Skip '-Xclang ' at argument parsing #1744
  • Add .editorconfig file #1697

Bug Fixes

  • GUI Bug bug path numbering #1806
  • --force argument for store does not work #1802
  • Hash generation failed because of decoding error #1800
  • Bug fix: if there is an issue present, parseoutputparser.py #1799
  • Multiple configuration option for the same checker #1791
  • Check that the given product exist at server #1786
  • Fix long line #1785
  • Fix exception message printing at server #1784
  • Break long lines at cmd analyze and check commands #1783
  • Convert relative include paths to absolute #1782
  • Fix scrolling at Bug List data grid #1780
  • Add missing images to user guide #1776
  • Remove lock file at the end of logging #1773
  • Fix profileit function #1768
  • Fix storing check command #1764
  • Fix instance manager file lock #1763
  • Fix plist to html parser #1758
  • Fix non breakable space character #1754
  • Slugify run name when storing analysis statistics #1753
  • Fix plist to html converter missing severity #1751
  • Fix run tab change #1748
  • Increase performance of loading products #1740
  • check command's -c flag should remove the report directory #1646
  • Fix SQL query #1808

- Python
Published by gyorb over 7 years ago

codechecker - v6.8.0

New features

Command line features

  • #1635 Comparison of report directories from the command line (without database) Example: CodeChecker cmd diff -b /path/to/report_dir_base -n /path/to/report_dir_new --new

Analysis Related features

  • 1654 Fine grain control of warnings

    It will be possible to enable/disable clang warnings one-by-one. Example: CodeChecker analyze /path/to/build.log -o /path/to/output/dir --enable Wunused --disable Wno-unused-parameter

    Allow to set Clang Static Analyzer and Tidy checker options from CodeChecker command line. See ticket (2018-Q3).

  • 1703 Analyzer Configuration: all clang-tidy and Clang Static Analyzer parameters, such as -analyzer-inline-max-stack-depth and -analyzer-max-loop, can be set through configuration files. For details see pull request.

  • 1728 Configuration of Statistical Checkers

    It will be possible to configure the significanceRatio and the minimumSampleCount for the statistical checkers: alpha.ericsson.statisticsbased.SpecialReturnValue, alpha.ericsson.statisticsbased.UncheckedReturnValue. See issue.

  • 1720 Default C/C++ standard auto-detection

    Detect automatically which C/C++ standard was used for compilation by gcc and pass the relevant option to Clang (e.g. -std=c++11). See issue.

Web UI features

  • 1675 Filter reports by report hash

    It will be possible to filter findings on the WEB GUI and command line based on bug hash. For details see pull request.

  • 1686 Filters for the checker statistics page in WEB UI

    Extended filters will be added to the statistics page. For details see pull request.

    Possibility to delete reports based on filters in the WEB UI.

  • 1624 Management (edit/add/delete) source code component definitions in the WEB UI

  • 1721 Upload Analyzer Statistics to the central server

    For each analysis run, the following statistics are collected and uploaded to the central server and shown for all runs (and also in the run history): files that were successfully analyzed or analyzed with failure, CodeChecker version used for analysis, clang version used for analysis.

Bug Fixes

1737 handle missing documentation file

1736 Increase API version

1735 fine tune error logs

1734 Renaming statistical test file to cpp

1733 Fixing exception when shutting down server process

1732 Making the test server start synchronous

1731 Fixing the make file

1728 New configuration options for statistical counting

1727 Hide Remove filtered reports button

1726 Fix some JS and python alerts

1723 calculate bug path length at store (schema change)

1722 Zombie processes remain on analysis interruption

1719 Query reports only when shown.

1717 improve error handling for packaging

1716 update dojotoolkit link for download

1715 change component filtering behavior

1714 Introducing clang-tidy config options file on the command line interface.

1713 Print statistics at the end of parse command

1712 Describe new features of v6.8

1711 Removing run reports in chunks Kind: Bugfix Target: Server

1710 Add new checker profile: portability

1708 Fix JavaScript old browser compatibility

1707 Fix long line in failure_lib.py

1706 Update web userguide

1705 Fixed Spelling.

1703 add checker and analyzer configuration documentation

1702 Fix checker name filter Kind: Bugfix Target: WebGUI

1701 Pass severity map dictionary instead of the file

1699 Encode html entities in PlistToHtml parser

1695 Handle invalid json files Kind: Bugfix

1694 increase scan-build version for osx install

1690 Fix confirmed bug icon at Checker statistics page

1689 restructure python requirements files

1685 Fasten tests Kind: Bugfix

1682 Extend filter text input field hint with example

1681 Set default severity level for compiler warnings

1680 Enable -Wall and -Wextra warnings by default

1679 Multiline messages are displayed properly

1678 Set default filter values at Checker statistics

1677 Fix CTU test

1676 Fix utf8 error at diff when generating html output

1675 Filter reports by report hash at the command line

1672 Ignore target dependent -mabi compiler option.

1670 Call getSeverityCounts correctly

1669 Fix compiler warning test cases

1668 sysroot parameter can be given multiple ways

1667 Update group field of the users tokens on login

1664 Filter results by report hash on the GUI Kind: Enhancement Target: WebGUI

1663 Plist to html browser support

1662 add .envrc to gitignore Kind: Usability

1660 Allow more product endpoint names to be valid Kind: Enhancement Target: Server

1658 Fix tidy output converter

1657 rename compile log file name in the bitbake example

1655 Set file path after items are added to bug tree

1650 Use valid license name

1648 Summarize results for source files at parse cmd

1645 Add statistics checkers' flags to CodeChecker check sub-command

1644 Minor fix in documentation

1641 Fix non existing report in the GUI

1640 Distinguish BuildAction objects on original build command

- Python
Published by dkrupp over 7 years ago

codechecker - v6.7.1

Bug Fixes

  • Open file with universal line endings #1631, #1625
  • Fix tidy fixit parsing #1620
  • Fix get report data while generating HTML reports #1610
  • Fix AttributeError: 'Namespace' object has no attribute 'skip_file' #1607
  • Filter values are removed when switching tabs #1603
  • Filter run history based on the selected run filter #1602
  • Fix source component filter and add more tests #1600
  • Fix removing source component #1597
  • Fix source component filter query in pgsql #1595
  • Fix getProducts API function to do exact match #1594
  • Fix userguide #1590
  • Locale compare and Diff view shows different results #1432
  • Review status hover on last element on table flows outside viewport #1385
  • Fix run history tab value in the URL on show event #1634

Improvements

  • Handle yet another unknown GCC flag (-mfloat-gprs=double) #1618
  • Increase performance of the UI #1613
  • Handle gcc-toolchain flag #1605
  • Support source component filter in the command line #1596
  • Update web userguide #1593
  • Show detection status dates in tool tip #1592
  • Create a new tab on the UI for change logs #1591
  • Prevent review status tool tip from closing if unhovered by click #1507
  • Redirect user to the desired page once the login process is completed #1504
  • Show the number of products in the tab #1394
  • Clicking on username in GUI header should show product permissions if product is open #1390

Changes

  • Taking out checks from the sensitive profile #1629
    • cppcoreguidelines-no-malloc
    • cppcoreguidelines-owning-memory
    • cppcoreguidelines-pro-type-reinterpret-cast
    • google-build-using-namespace
  • Severity level of google-build-using-namespace was changed to style #1629
  • Severity level of misc-redundant-expression was changed to medium #1627
  • Remove the build output from the build action hash. #1601
  • Fine tune log levels and db status logging #1633

Other

  • Change file format from dos to unix #1626
  • Tidy test updates (v6 outputs and Makefile) #1623
  • Enable verbose log in analyze tests #1622

- Python
Published by gyorb almost 8 years ago

codechecker - v6.7.0

Report counting

Report counting was reviewed to give a consistent view in the command line and at the web UI. The default views (without uniqueing) show the reports as they were found by the analyzers.

  • Consistent report/bug counting #1443 #1449 #1541

Support Clang v6

  • Some of the Clang6 checker severity levels were not classified #1568 #1557
  • Upgrade the checker profiles for Clang6 #1538

CTU on-the-fly

CTU can still work by dumping the AST to the disk. The on-the-fly option managed the ASTs in memory.

  • Removing on-the-fly CTU functionality as it is not supported by Clang6 #1552

Checker renaming in Clang-tidy v6

  • Support for Clang-tidy 6 renamed checkers #1548
    • misc-assert-side-effect -> bugprone-assert-side-effect
    • misc-argument-comment -> bugprone-argument-comment
    • misc-bool-pointer-implicit-conversion -> bugprone-bool-pointer-implicit-conversion
    • misc-dangling-handle -> bugprone-dangling-handle
    • misc-fold-init-type -> bugprone-fold-init-type
    • misc-forward-declaration-namespace -> bugprone-forward-declaration-namespace
    • misc-inaccurate-erase -> bugprone-inaccurate-erase
    • misc-move-forwarding-reference -> bugprone-move-forwarding-reference
    • misc-multiple-statement-macro -> bugprone-multiple-statement-macro
    • misc-string-constructor -> bugprone-string-constructor
    • misc-use-after-move -> bugprone-use-after-move
    • misc-implicit-cast-in-loop -> performance-implicit-conversion-in-loop
    • misc-inefficient-algorithm -> performance-inefficient-algorithm
    • misc-move-const-arg -> performance-move-const-arg
    • misc-move-constructor-init -> performance-move-constructor-init
    • misc-noexcept-move-constructor -> performance-noexcept-move-constructor
    • readability-implicit-bool-cast -> readability-implicit-bool-conversion

New features/improvements

  • Component filters #846

  • It should be possible to diff two different tagged versions of the same run #1346

  • Generate index.html file by using PlistToHTML #1558

  • Review status C style comment format #1551

  • Skip duplicate reports when generating HTML output #1556

  • Enable passwordless token based authentication #1462

  • Getting the run results by providing the version tag #1496

  • Create separate filter options for cmd line #1497

  • Give better message when source files are missing #1537

  • Allow more product endpoint names to be valid #1530

  • LDAP hardening and tests #1305

  • List out version tag in command line #1485

  • List out latest version tag at runs command #1486

  • Show full file path in CodeChecker parse output #1559

  • Handle more gcc/g++ arguments #1550

  • Command line header deduplication #1512

  • Improved relative path handling in the compile json #1553

  • Extend build command escaping in the logger #1506

  • Add -analyzer-config notes-as-events=true to the clang flags which will convert notes to events #1518

  • Skip compiler dependency generation actions from analysis #1488

  • bugprone-misplaced-operator-in-strlen-in-alloc checker added to severity map #1560

  • Adding static HTML output generation to the HOWTO. #1588

UI

  • Checks if no username supplied at login #1571
  • Show admins for each product #1474
  • Show bug path length for a report in bug report selection (left-hand, dropdown) #1505
  • Add check command to run history #1454
  • Extend html report information with checker name and severity #1546
  • Create tooltips for report table columns #1582
  • Detection status viewing and filtering together with uniqueing #1337
  • Show tooltip by hovering on unique checkbox label #1576
  • New column id in index.html at plistToHtml parser #1579
  • Unified report filter #1444 #1510
  • Highlight occurrences of the selected text #1516
  • Clickable 'Entered call from' #508
  • Bug tooltip "Review status" should say what the icon means #1549
  • New detection date filter values #1437
  • New report count and uniqueing style on the UI #1586

Changes

  • Using NullPool for database connections #1584
  • Disable detection status if uniqueing is enabled #1513
  • Fix documentation #1583
  • Refactor list of products page #1489
  • Change analysis statistics total message #1499

Bug fixes

  • Skip reports at store #1566 #1575
  • Click on run history jumps to wrong tab #1392
  • Use file path from main section at plist-to-html #1573
  • Initialize run filters with the correct values #1577 #1580
  • Set default filter values on run history click #1574
  • Fix filtering based on detection dates #1569 #1567
  • Fix UI filter tooltip toggling items #1561
  • Command line diff does not do deduplication #1465
  • Allow html output only for diff and results at cmd #1515
  • Inline //codechecker_suppress comment is ineffective in static html output #1423
  • Apply ignore first, and ignore -flto flag. #1524
  • Fix non existing filter member #1540
  • Diff mode run history #1481
  • Change server startup timing for the tests #1535
  • "unsupported operand type(s)" when using a skipfile #1529
  • Ranges associated with issues are not highlighted #1514
  • Fix UI file path filter for run results #1521
  • In-line suppression is not considered by the parse command #1484
  • Do not highlight last bug path message if not absolutely last #1395
  • Do not use globals at bug filter view #1494
  • Fix review status comment typo handling #1547

Other

  • Bump up version to 6.7.0 #1498
  • Update readme with animation gif demo #1544
  • Split up analyze and parse tests #1406

- Python
Published by gyorb about 8 years ago

codechecker - v6.6.0

New features/Improvements

  • Support for Statistical Checkers (Experimental feature) #805
  • Multiple source code suppression comment format #1429
  • Handle more compiler flags unknown to clang #1431
  • Load run history asynchronously on the WebGUI #1472
  • Improve performance of bug path draw #1435
  • Extend product listing page with new fields #1364
  • Trim leading path from stored file paths #1411
  • Introduce a per product configurable run limit #1410
  • Improve user session handling at the server #1458
  • Improve api mismatch errors #1456
  • Product admins are able to nominate other users as product admins #1373
  • Rename file filter on the WebGUI #1438
  • Refactoring report filter UI #1401
  • Move thrift client call wrapper to a separate module #1448
  • User permission save error log improvement #1397
  • Adding report counting description to the howto #1476
  • Exclude build actions which would compile a header file #1480
  • Fine tune statistics collectors ratio interval #1479
  • Skip linking action from compilation_database #1436

Changes

  • Remove BufferOverlap checker from the sensitive profile #1477

Bug fixes

  • CodeChecker check -o -c (clean switch) was ineffective #1421
  • Filter cmd line checker statistics #1416
  • Use consistent run name filter at cmd line #1417
  • Fix server product list mismatch in multi server #1471
  • Check command popup stick to right on the WebGUI #1393
  • If the run filter is cleaned it did not list the reports from all of the runs #1409
  • Checker name filter is not selected by clicking on a checker name in the statistics view #1347
  • In diff mode bug viewer cannot be opened #1466
  • Reset diff type filter items on change #1473
  • Build action map is created twice for pre analysis phase #1420
  • Fix thrift call wrapper host, port #1467
  • Fix errors found by pylint #1447
  • Fix diff type filter label #1439
  • Fix dependency gen problem in xerces #1419
  • Handle thrift error with fail callback on the WebGUI #1407
  • Server startup can be slow due to long dangling file garbage collection #1261
  • Support old suppress comment format files #1478

- Python
Published by gyorb about 8 years ago

codechecker - v6.5.1

Changes

  • Apply bug event and point to report id index #1377
  • Improve run deletion (session/synchronize) #1374
  • Set sqlalchemy pool size #1391
  • Sanity check for result storage and file content change #1320
  • At least one report directory should be mandatory for parse command #1343
  • Improve storage (severity handling) #1375
  • Order reports in the file view left hand pane by line #1358
  • Review status reason dialog should accept ENTER as submit if nothing is entered into textarea #1354
  • Update to Codemirror v5.25.0 #1355
  • Update to Jsplumb v2.2.0 #1380
  • Remove Google fonts #1381
  • Print the log level name by default #1370

Bug fixes

  • Clicking on a report in unique mode in bug overview not the selected report is shown #1365
  • Fix browser compatibility #1356
  • Suppress file import fails #1388
  • Pressing ESC in the review status reason window bolds the wrong status #1357
  • Regex printed weird into file filter selector but works right #1352
  • fix import in profiler and change output format #1376

- Python
Published by gyorb over 8 years ago

codechecker - v6.5

New features/Improvements

Web UI

  • Add regex based file filter in "all reports" tab and enable "select all files matching regex" #1162
  • Enable multiple selections of run name regex filters in all reports #1165
  • Remove review comment column from the bug list #1302

Command line

  • Extend command line filters with detection and review status #1312
  • Validate filter values in the command line #1345
  • Add total section for command line summary #1328
  • Support regex expressions for the run names in the command line #1322

Analyzers

  • Reanalyze without ctu on ctu failure (new command line argument --ctu-reanalyze-on-failure) #1297
  • Handle more Clang 5.0 unknown argument errors #1294
  • Use arch of the analyzer machine instead of the original one. #1308
  • Add a watcher to kill stuck jobs if analysis takes too much time (new argument --timeout) #1168

Server

  • Share user sessions through the database #1172
  • Prevent concurrent storage of the same run name from multiple shared servers #1138
  • Introduce storage limitations (run count) #1187
  • Do not limit run count for the server by default #1315

Documentation

  • User guide for using CodeChecker with BitBake #1329
  • Improvements to false positive guide. #1292
  • Fix the daily analysis integration template script always saying there are new bugs #1299

Changes

  • Improved logging #1048
  • Refactor plist to plaintext formatting (parse) #1334
  • Explicitly show version information in the build script output #1300
  • Add better diagnostics for ctu tests in case of failure #1298
  • Remove critical log from massStoreRun #1339
  • Remove soft session lifetime completely #1344

Bugfixes

  • Fix clicking on a uniqued bug #1330

  • Fix product editing #1310

  • Fix python-ldap not throwing exception on anonymous binds when it should #1296

  • Fix log format #1341

  • Remove the default log level #1338

  • Handle non existing session config file #1318

  • Fix logger initialization #1316

  • Fix typo of argument name resulting in name error #1317

  • Fix setup logger for command line #1314

  • Fix ctu_failure test not removing its test folder #1303

  • Disable plist update on plist parsing unit tests #1293

  • Remove run history by removing a run #1332

  • In diff view the bug path tree is not shown when viewing a report #1275

  • The current working directory may not exist. (debug tools) #1309

- Python
Published by gyorb over 8 years ago

codechecker - v6.4

New features

  • Show bug path length column in Bug overview GUI #1209

Fixes

WebServer/GUI

  • Bug steps disappear when switching arrows on/off #1243
  • Highlight the actual bug step #1244
  • Fix shown reports in run history view #1264
  • Remove outdated bug paths from run results if the bug remains in run #1155
  • Fix run history tag count query #1283

Analysis

  • -idirafter gcc argument is not forwarded to clang analyzer #1267
  • Fix analysis performance degradation on 2.6.32 and older kernels. Use manager to share data between processes #1276
  • -Werror flag is removed from clang sa/clang tidy invocation #1279
  • alpha.cplusplus.IteratorRange was removed from all checker profiles as the checker is unstable #1255

Command line client

  • cmd diff -o html does not work if -n is a report directory #1277
  • Use the proper environment for db operations otherwise db upgrade may fail #1251
  • Fix get diff hashes for new bugs #1259
  • Fix of diff command failure in case of sqlite database and large queries #1281

Improvements

  • Add session related comments to massStoreRun #1263

- Python
Published by gyorb over 8 years ago

codechecker - v6.3

New

  • Include paths from environment variables in analysis phase #1184
  • --include flags shouldn't be skipped during analysis #1237
  • In anonymous mode allow superuser permission #1137
  • Understand HTTPS product and server URLs without a port specified as 443 #1146
  • Showing severity report count at the statistics page #1104
  • Enable copy-paste for links #1164
  • How to handle false positives HOWTO #1185
  • Feature comparison of cmd and webgui #1197
  • Performance/stress tests #808
  • Command line diff performance improvements #956
  • Show unique bug count in the run list page (instead of non unique) #1202
  • Schema migration support of product databases #351
  • Mount the same configuration database to multiple servers #876

Changes

  • New report storage method: store every single bug report even if hash clashes, remove outdated resolved paths at run update #1213
  • Put full date in log messages not only the time #1214
  • Improve comments for the LDAP authentication #1217
  • Rename some column labels #1200
  • Use absolute path in logger #1097
  • Upgrade SQLAlchemy to 1.1.11 #1107
  • Improve performance of report filters #1038
  • Do not reparse unchanged files to get suppression to improve performance #1231
  • Don't log as error if multiple source and triple is present in the log file #1230
  • Update plist file with report hash #1239
  • File cleanup refactoring #1131

Bug fix

  • Fix run storage error (AddFileRecord return value) #1215

  • Update line and column fields of report #1106

  • Mismatch between filter result count and number of listed reports #1093

  • Wrong handling of builtin includes during CTU collect phase #1143

  • --enable-all with other options doesn't run most of the clang-tidy checkers #1148

  • Server should not start in case of incorrectly formatted json file #1149

  • Exception is thrown if product name is not specified #1174

  • Exception is thrown while parsing compilation json #1180

  • After a run is deleted the counter is not updated #1152

  • Bug tree shows issues from all runs even if one run selected #1117

  • Remove gcc intrinsic and include-fixed include directories from analysis #1183

  • Ordering by File when Unique reports are enabled doesn't give an alphabetical order #1198

  • Handle more plist parsing errors #1225

  • Remove linecache usage #1227

  • Review status false positive is not set #1223

  • Failure zip does not contain all dependent headers (CTU) #1159

  • Make sure that file is closed if plist parsing fails #1216

  • Don't attempt to add the same file multiple times to the ZIP #1234

  • Generate report hash fix #1235

  • Fix server general exception #1242

  • Do not store same bug from plist files #1247

- Python
Published by gyorb over 8 years ago

codechecker - v6.2.1

Bug fixes

  • Web GUI filters for Checker name now shows the full list of checkers, not just the first 10. (#1156)
  • --enable-all given to check was not passed through to analyze. (#1163)
  • Fixed a bug at compiler target detection (#1180)
  • Fixed a connection handling issue to LDAP authentication backends. (#1139)
  • Fix CodeChecker making Clang-SA/Tidy use system GCC headers instead of the Clang's ones. (#1144, #1173)

Enhancements

  • URLs in the command-line specifying http:// or https:// should use port 80 and 443 respectively, if an explicit port is not given. (#1146, #1150, #1175)
  • CodeChecker server will now refuse to start if the session_config.json file is malformed. (#1151)
  • Comparing a local result folder to a run stored on the server has received a massive performance improvement. (#1169)

Miscellaneous

  • Added scripts to aid the debugging of failed analyses. (#1113)
  • Upgraded SQLAlchemy to a newer version. (#1142)

- Python
Published by whisperity over 8 years ago

codechecker - v6.2

New features

  • Local Compare mode (CodeChecker cmd diff) can generate HTML files with bug path #748
  • Show number of runs on the list of runs view #1079
  • Show the granted permissions for the currently logged in user on the GUI #875

Enhancements

  • Introduce better (debug) logging for CTU analysis #886, #1069, #1100, #1050
  • Group reports only by bug hash when uniqueing #1121
  • Make sure query strings and filters cannot be used for SQL attacks #902
  • Report storage session improvements for large amount of reports #1072
  • Add icons for tabs #1086
  • Development environment improvements #1105
  • Logging improvements #1119

Bug fixes

  • clang-tidy hash was incorrectly generated in some cases which caused some false new reports shown in diff view #1114
  • Fix analysis failure if multiple cross-compilers were used (compilation target is registered per build action) #1099
  • Relative paths in compilation database were not properly handled at analysis which caused some analysis failures #1116
  • Performance improvement of unresponsive server (when the results contained thousands of files) #1053
  • Show the supported browser version #1084
  • Bad function parameter call at statistics #1103
  • Product page error in Firefox #1101
  • Fix a typo in the doc for psql commands #1108
  • Bug report was not opened correctly when opened from the All Reports view #1118

Changes

  • Remove cppcoreguidelines-pro-type-vararg from the sensitive profile #1080

Two checkers conflict and cause the analyzer to hang. Until the checkers are fixed, the checker is removed from the sensitive profile so that it is not enabled implicitly.

- Python
Published by gyorb over 8 years ago

codechecker - v6.1.1

Bug fixes

  • Clang-tidy result parsing error which caused increasing memory consumption #1064
  • UI fix: in the bug overview the result count and the number of shown bugs differs #533
  • UI fix: bug path was not shown in some cases #1033
  • CodeChecker analyze does not show analysis errors when it only re-analyzes files #1043. If there was no explicit report output directory, the default report directory was not cleaned up between two analysis runs, which could cause misleading results from the parse command.
  • Storage should be stopped immediately if a storage is already ongoing with the same name #1013
  • --verbose debug_analyzer did not print the analysis calls #999

Improvements

  • report filter query performance improvements #1052
  • Limit the uploadable data size to the server #840
  • improve command line client coding convention #1070
  • documentation updates with CI loop script examples #994
  • test infrastructure updates #1055

Changes!

  • severity level of misc-string-compare checker was changed from HIGH to LOW #1058

- Python
Published by gyorb over 8 years ago

codechecker - v6.1

New features, improvements:

  • HTML report file generation support for CodeChecker parse command. These HTML files contain the full control-flow path of the detected bugs. They can be viewed off-line without accessing the CodeChecker server or sent in an email. #1034
  • CodeChecker cmd diff can be called for multiple runs. That is, your results in the report directory can be compared against multiple runs using wildcards. #978
  • Checker profiles. Checker pre-selection profiles were introduced to help in the selection of checkers. Three new profiles were introduced in increasing order of sensitivity (and false positive rate): default, sensitive, extreme. #907
  • Clang will not warn about unused compiler arguments #985
  • Print clang generated report hash at the command line parse with the steps together #1009

Analyzer invocation

  • Better detection of gcc/g++ cross compilation parameters. --saargs and --tidyargs parameters should not be used for cross-compilation anymore. #995
  • Include directory detection for clang-tidy #993

Documentation changes:

  • New user guide accessible at the server #737
  • Improved PostgreSQL database setup documentation #1001

Bug fixes:

Web UI:

  • Report steps were not shown on the UI #986 and #988
  • Statistics view did not show the results #950
  • Statistics view should not collect run names in the drop down #979
  • Product listing did not work properly in Firefox #912
  • Runs without reports were not rendered correctly #1002
  • Run history tab switch did not work properly #1017
  • If there were many runs the loading of the run list was slow #1019

Command line:

  • Storage failed with sqlite db backend if there were many results. #1005
  • CodeChecker cmd sum command error #1004
  • CodeChecker cmd sum report uniqueing #1025
  • CodeChecker cmd sum get statistics only for the specified run names #1026
  • CodeChecker check command did not work properly when it was called without output directory #992

- Python
Published by gyorb over 8 years ago

codechecker - v6.0.1

BUG Fixes and small feature additions

  • #883 Analysis runs show the store duration
  • #958 Show the latest run tag in the run list table
  • #959 sorting by severity does not work in the bug list
  • #960 Show severity at the parse output
  • #961 Show result summary at the parse output
  • #962 run name filter in diff command
  • #963 update run tag if the same tag is used in one run

- Python
Published by bruntib over 8 years ago

codechecker - v6.0

CodeChecker 6.0 brings a huge amount of improvements to the CodeChecker infrastructure. This new major release sets forth a new direction aimed to increase the usability and effectiveness of CodeChecker as a code analysis and defect triaging system.

:exclamation: Massive backward incompatibility changes :exclamation:

This new major release changed the infrastructure in a way that your current CodeChecker usage might no longer be applicable.

  • Due to internal database layout changes, any CodeChecker database that was created with versions of CodeChecker 5 is not usable. You'll need to reanalyze your project.
  • The invocation of CodeChecker scripts has changed. Please make sure your custom integration scripts (if such exist) are working before relying on them. There is a high chance they won't.
  • The API to access the server programmatically has also changed. Custom clients, such as the Eclipse plugin, may no longer work properly.

Most important backward incompatible command line changes

  • CodeChecker store and cmd subcommands now take --url instead of --host, --port as per the product system, to specify on which server and in which product the commands should be executed. For example, instead of CodeChecker store --host localhost --port 8555 -n run_name you should use CodeChecker store --url localhost:8555/Default

    • The check command which wrapped over log-analyze-store has been dropped. quickcheck has been renamed to check. An extra argument, --quiet has been introduced to analyze which silences analyzer output from the standard output. (#882)

Analysis framework

Major improvements

  • analyze now supports incremental analysis, in which subsequent analyses of the project update the contents of the OUTPUT_DIR folder, without duplicating plist files, or requiring the user to do a full analysis. (#719)
    • --add-compiler-defaults option detects compilation target and gcc include directories, thus cross-compilation can be auto-detected. If --saargs or --tidyargs were used for the analyze sub-command to specify (cross) compilation target or include directories, they can now be replaced by a simple --add-compiler-defaults switch, which will auto-detect these compiler settings. (#921)

Minor changes

  • Various crashes and infinite hangs arising from analysis failure handling and dependency generation have been fixed. (#790)
  • CodeChecker analyze now takes an optional --capture-analysis-output argument which causes the output of successful analyzer invocations to be saved into the OUTPUT_DIR. (#802)
  • Skip-files not applying to headers have been fixed. (#860)
  • The checkers sub-command has been unified to the new structure, so CodeChecker checkers now does the same as codechecker-checkers did since version 5.8. (#856)

Discontinued features

  • The check command which wrapped over log-analyze-store has been dropped. quickcheck has been renamed to check. An extra argument, --quiet has been introduced to analyze which silences analyzer output from the standard output. (#882)

Report storage

Major improvements

  • With the changes introduced in incremental analysis, CodeChecker now stores the detection status of a bug report. This feature requires the user to always analyze into the same OUTPUT_DIR and then store the results from this folder. A bug can be new, unresolved, resolved or reopened. (#724)
    • Each bug begins its life as new. When a subsequent store call finds this bug again, the status will change to unresolved, and will stay there until the bug disappears from the analyzer output. At that moment, the status will be resolved. If a resolved bug ever appears again in the analyzer results, its status will change to reopened. A reopened bug can turn resolved or unresolved in the next check depending on its status.
  • Storing analysis results has been made much faster by introducing a simpler transmission approach. (#724)
  • The multiple product system gives the users the ability to attach multiple analysis result databases to the same running CodeChecker server instance. These are separate databases each containing analysis results, managed in a new "configuration database", which is specified in the server's command-line. (#773)
  • Subsequent store calls with the same run name can now be tagged, e.g. to point out which version of the project was used. (#885)
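The detection-status lifecycle described above can be traced store by store. The following is an added example, not CodeChecker's own code: the report hashes are constructed, and treating a new bug that disappears before it is seen a second time as resolved is an assumption.

```python
from typing import Dict, Iterable, List, Optional, Set

NEW, UNRESOLVED, RESOLVED, REOPENED = "new", "unresolved", "resolved", "reopened"


def next_status(previous: Optional[str], found: bool) -> str:
    """Status of one report after a store call.

    previous is None when the report has never been stored before;
    found says whether the analyzer output of this store contains it.
    """
    if previous is None:
        return NEW
    if found:
        # A resolved bug that shows up again is reopened; anything else
        # that is still present (new, unresolved, reopened) is unresolved.
        return REOPENED if previous == RESOLVED else UNRESOLVED
    # Absent from the analyzer output: resolved (assumed also for "new").
    return RESOLVED


def apply_store(statuses: Dict[str, str], found: Set[str]) -> Dict[str, str]:
    """Apply one store call of the same run to the known statuses."""
    return {
        report_hash: next_status(statuses.get(report_hash), report_hash in found)
        for report_hash in set(statuses) | found
    }


def track(stores: Iterable[Set[str]]) -> Dict[str, List[str]]:
    """Status history per report hash, starting at its first detection."""
    statuses: Dict[str, str] = {}
    history: Dict[str, List[str]] = {}
    for found in stores:
        statuses = apply_store(statuses, found)
        for report_hash, status in statuses.items():
            history.setdefault(report_hash, []).append(status)
    return history


# Constructed input: the report hashes present in six consecutive stores
# from the same OUTPUT_DIR.
CONSTRUCTED_STORES = [
    {"hash_a", "hash_b"},
    {"hash_a", "hash_b"},
    {"hash_b"},
    {"hash_a", "hash_b", "hash_c"},
    {"hash_a"},
    {"hash_a"},
]

if __name__ == "__main__":
    for report_hash, states in sorted(track(CONSTRUCTED_STORES).items()):
        print(report_hash, " -> ".join(states))
```
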

Minor changes

  • CodeChecker subcommands now take --url instead of --host, --port as per the product system, to specify on which server and in which product the results should be stored to. (#773)

Web viewer application

Major improvements

  • CodeChecker now has a logo! (#771)
  • Bug reports can now be commented. Comments are shown for the same report found in multiple runs. (#742)
  • Bugs can now be assigned a review status of Unreviewed, Confirmed bug, False positive, Won't fix, along with an optional comment on why this status was applied. (#768)
    • This replaces the suppress feature of the web application. Source code suppressions are imported into this new system as False positive reports.
  • A new filtering system has been created which makes the Web viewer much more versatile at searching for reports. (#847)
  • The history of run updates is stored and it is possible to recall the results of an earlier run (run history). It is also possible to "version tag" each update from command line and search for active reports based on update date. (#781)
  • Report Uniqueing: The same bug can be found by the analyzer on multiple paths and in multiple runs. A semantically unique bug is identified with a bug identifier hash. In the web viewer it is possible to list only semantically unique bug reports. (#811)
  • Checkers Summary Table: Provides summary statistics of reports found by checkers, summarized for all runs. (#826)
  • The web viewer has been updated with a new homepage that gives the users ability to search and select the product they want to view. (#773)
  • A new user guide for the web application has been added. (#865)
  • Reports that refer to semantically the same bug are now grouped on the viewer. (#891)

Minor changes

  • The tool-tip showing the full message in the bug path list is now positioned according to the path list, not at the left center of the browser. (#720)
  • The list of runs can now be filtered for substrings in the run's name. (#753)
  • The username of the logged in user is now shown in the viewer. (#754)
  • Diffing two runs can now be made with radio buttons explicitly showing what will be diffed against which other run, instead of having to tick two check boxes in an order. (#766)
  • The bug steps are now also shown in the left-hand view, not just in the code. Floating bug step bubbles in the code were given better highlighting. (#798)
  • The code viewer has been made significantly faster. (#815, #871)

Command-line viewer client

Major improvements

  • The CodeChecker cmd sum sub-command now prints a more detailed breakdown on what reports are found per a particular checker. (#870)
  • The command-line viewer also takes some new arguments for the new filtering system. (#918)

Minor changes

  • Due to the removal of the suppress feature, CodeChecker cmd suppress now can only be used to import suppression data into a server. (#768)
  • CodeChecker cmd subcommands now take --url instead of --host, --port as per the product system, to specify on which server and in which product the commands should be executed on. (#773, #873)
  • Most of the command-line tools now take run names as a positional argument instead of --name. (#856)
  • Local compare mode will now properly understand suppressions in the source code on the local side. (#858)

Security

Major improvements

  • CodeChecker Web server can be accessed through secure (encrypted, authenticated) HTTPS. (#899)
  • CodeChecker now supports a way to isolate user access and define permissions between the products configured. (#857)

Miscellaneous improvements

  • The bug report storage database has been revised, the new version of the database stores considerably less data from analyses, and we improved response time by making the database faster. (#709, #756, #764)
  • The documentation has been heavily extended to help our users better.

- Python
Published by whisperity over 8 years ago

codechecker - v5.10

The v5.10 version brings Cross-Translation-Unit analysis support to CodeChecker, along with minor bug fixes and usability improvements.

Cross Translation Unit analysis support

CTU is an experimental feature not yet introduced to release versions of Clang which will enable more accurate static analysis via the ability of finding code across the entire project. You can retrieve a version of Clang that is CTU-capable from Ericsson's clang fork.

To support the easy usage of CTU analysis, CodeChecker has been extended to invoke the analyzer in a CTU-compatible way.

CodeChecker analyze now takes the argument --ctu which enables the analysis. These arguments are only available if the Clang on the system has CTU analysis capabilities.

Usability improvements

  • Instead of severity strings, show a colourful icon indicating the severity of the bug.
  • If an analysis fails, the entire source code is compressed with the analyzer output and the build commands into a failure zip archive.

Bugfixes

  • Fixed CodeChecker server --stop-all not being usable.
  • Fixed CodeChecker server ignoring the --sqlite argument and always using the workspace's ~/.codechecker/codechecker.sqlite as database.
  • Fixed analyzer crashes if the source file's name contained spaces.
  • Fixed analyzer automatic detection ignoring the order set in the PATH environment variable.

Miscellaneous changes

  • Various parts of the documentation have been improved.
  • Various minor bug fixes to the command-line output have been applied.

- Python
Published by whisperity almost 9 years ago

codechecker - v5.9

Release 5.9 brings new improvements and changes for easier, more secure use of CodeChecker.

Incompatible command line changes!

Previously, to store analysis results, you needed to provide a database connection. This has been changed for an easier and more secure usage model, which no longer requires having to know and input database credentials. A CodeChecker server is now needed by CodeChecker store to connect to and store runs in the database it is connected to. Because of this, the command-line invocation has changed as follows:

  • A CodeChecker server needs to be started before analysis results can be stored to the database, i.e. before executing store or check commands.
  • Database-related arguments (--dbaddress, --dbport, --dbusername, --dbname, --sqlite, and --postgresql) have been removed from check and store.
  • Instead, --host and --port are to be used to specify which CodeChecker server accepts and stores the analysis results.
  • Servers which have authentication enabled require a valid session before allowing storage of analysis results. Use CodeChecker cmd login before calling store or check if your server is password protected.
    • If the server is configured for a short time-out period for valid sessions and building your project and analyzing it takes too long, the session on the server can time out before the storage of results can commence. Please use log, analyze and store separately, or configure your server for a longer timeout.

New features

  • CodeChecker cmd diff allows diffing a run on a server and a local report folder containing plist files.
    • E.g. CodeChecker cmd diff --basename release --newname ~/my_analyze_output --new will show reports introduced in your local folder without having to store your results to a CodeChecker server.

Improvements

  • CodeChecker cmd diff shows the source code line where the bug was found in its output.

Fixes

  • Fixed a rare crash that resulted because of special characters in the source files badly decoded by the client.
  • Fixed CodeChecker store unable to import any useful information from a report folder that did not contain metadata files alongside the plists.

Miscellaneous

  • CodeChecker debug has been removed.

- Python
Published by whisperity almost 9 years ago

codechecker - v5.8

The new release comes with many new features and bug fixes/improvements.
For a more detailed list of changes see the v5.8 milestone.

The v5.8 release tag was changed because we wanted to put some bug fixes into 5.8. Please update the git tags if you use them. Sorry for the inconvenience.

New features

  • improved run deletion in the command line (delete multiple runs, before/after a specific date ...)
  • automatically detect the installed clang versions on the host machine and select the newest version
  • suppression was re-enabled on the UI even if no suppress file was given to the viewer server at start
    • new command line option is available to export and import suppress information after an analysis
  • viewer server instance handling in the command line (list/stop already started servers)

Command line changes

  • the old commands are kept for backward compatibility for now (check, server ...)
  • all of the command line options were refactored
  • new commands are available (see user guide for further details)
    • log (only to generate a compile command json file)
    • analyze (run the analysis (clangsa, clang-tidy) and generate plist reports)
    • parse (parse the generated plist reports and print them to the stdout)
    • store (process the generated plist reports and store them to a database)

GUI improvements

  • show version info
  • improved report path coloring and visualization

Checker changes

  • two clang-tidy checkers were removed from the default enabled list (generating too many reports) #675; users can enable them if needed
    • misc-misplaced-widening-cast
    • misc-throw-by-value-catch-by-reference

- Python
Published by gyorb almost 9 years ago

codechecker - v5.7.1

New features

This is a bug fix release; no new features were added.

Bugfixes/changes

  • Improved GUI bugpath arrows
  • Fixed browser refresh errors
  • Fixed some plist importer bugs
  • Changed authentication using command line
  • No longer limiting the number of entries in the command line json output
  • ...

See milestone for further details.

- Python
Published by gyorb over 9 years ago

codechecker - v5.7

Notice!

If you checked your project with the same run name multiple times just to update the results, you might have realized that some of the results were not removed or updated. This release should fix this problem, but for it to work properly you might need to remove all the existing results and reanalyze your project.

New features

  • better (cross) compiler handling (compiler built-in defines and includes) with the --add-compiler-defaults flag

Other improvements

  • better error reporting
  • log messages with timestamps
  • source code cleanups and re-factoring

Bugfixes

  • checker result cleanup if run is updated
  • GUI filtering
    ...

- Python
Published by gyorb over 9 years ago

codechecker - v5.6

New features:

  • multiple authentication methods are supported now (PAM, LDAP, ...)
  • improved command line client (filtering, csv output)
  • improved quickcheck (skip and suppress support)
  • view analysis progress

UI improvements:

  • load results faster
  • show additional build related data

_Many bugfixes, usability improvements and source cleanup._

- Python
Published by gyorb over 9 years ago

codechecker - v5.5

What's new in this release:

  • OSX support #315
  • Use intercept-build for compilation command logging (required for OSX, optional on Linux)
  • Store separately generated plist results into database #322
  • Documentation updates
  • Bugfixes

- Python
Published by gyorb almost 10 years ago

codechecker - v5.4

Some improvements worth mentioning:

  • update mode analysis fixed
  • support for environment variables in configuration files #302
  • some small GUI improvements #312 #313
  • test infrastructure and documentation updates
  • further bugfixes ...

- Python
Published by gyorb almost 10 years ago

codechecker - v5.3

  • simplified and better visualization of bug events on the GUI
  • Clang/Clang-tidy v3.8 support
  • test infrastructure improvements
  • multiple bug fixes (command-line/GUI)

- Python
Published by gyorb about 10 years ago

codechecker - v5.2

Major changes:

  • SQLite is the new default database (--sqlite is deprecated); use --postgresql to store results into PostgreSQL
  • Update mode is enabled by default if analysis name is the same (--force is used to cleanup run results, --update is deprecated)
  • Sourcing init.sh script is not required anymore (add CodeChecker/bin to the PATH)
  • Some default arguments were changed (default work directory, server port, PostgreSQL port)

New Features:

  • Clang-tidy analyzer support
  • Forward arguments or configuration options to the analyzers
  • UI improvements

Bug fixes:

  • SQLite support fixes
  • Better CMake support (logging more compiler names)
  • Performance improvements for deleting runs

Improved documentation

- Python
Published by gyorb over 10 years ago

codechecker - v5.1

New release with many bug fixes and new features.

Some highlights:

  • SQLite support
  • pg8000 interface support for PostgreSQL
  • new client APIs
  • web based GUI improvements

- Python
Published by gyorb over 10 years ago

codechecker - v5.0

With the new 5.0 version we switched to rolling release. Automatic database upgrades are supported to newer schema versions.

- Python
Published by gyorb over 10 years ago

codechecker - v4.0

New features compared to 3.0:

  • now you can add paths with regular expressions in the skip file
  • module and target fields are removed from the database and filters (they are superfluous)
  • bug fixes

- Python
Published by dkrupp almost 11 years ago