CodeChecker is a defect database and viewer extension for Clang Static Analyzer

Locutus18/codechecker

Introduction

CodeChecker is a static analysis infrastructure built on Clang Static Analyzer.

CodeChecker replaces scan-build in Clang Static Analyzer on Linux systems.

It provides

  • a new command line tool for analyzing projects
  • a dynamic web-based defect viewer (instead of static HTML)
  • PostgreSQL-based defect storage and management
  • incremental bug reporting (show only new bugs compared to a baseline)
  • suppression of false positives
  • better integration with build systems (through the LD_PRELOAD mechanism)
  • a Thrift API based server-client model for storing bugs and viewing results. It is possible to connect multiple bug viewers; currently a web-based viewer and a command line viewer are provided.

You can find a high level overview about the infrastructure in the presentation at the 2015 Euro LLVM Conference:

Industrial Experiences with the Clang Static Analysis Toolset
Daniel Krupp, Gyorgy Orban, Gabor Horvath and Bence Babati
(Slides)

Important Limitations

CodeChecker requires some new features from clang to work properly. If your clang version does not have these features, you will see warning messages like these during the check:

  • Check name wasn't found in the plist file. --> use clang = 3.7 or trunk@r228624; otherwise CodeChecker makes a guess based on the report message
  • Hash value wasn't found in the plist file. --> wait for a newer clang version; otherwise CodeChecker generates a simple hash based on the filename and the line content
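The following added example (not CodeChecker's own code) illustrates what a fallback hash built from the filename and the line content can and cannot distinguish when reports are compared against a baseline. The function names, the SHA-1 construction and the sample sources are assumptions made for the illustration.

```python
import hashlib
import os

def fallback_hash(path, line_content):
    """Illustrative fallback: hash of file name plus whitespace-trimmed line content."""
    data = os.path.basename(path) + "|" + line_content.strip()
    return hashlib.sha1(data.encode("utf-8")).hexdigest()

def report_hashes(path, source, flagged_lines):
    """Map each flagged 1-based line number to its fallback hash."""
    lines = source.splitlines()
    return {n: fallback_hash(path, lines[n - 1]) for n in flagged_lines}

def new_reports(baseline, current):
    """Line numbers in `current` whose hash is absent from the baseline run."""
    known = set(baseline.values())
    return sorted(n for n, h in current.items() if h not in known)

# Constructed sample: baseline source with one flagged line (line 3).
BASELINE_SRC = """int f(int *p) {
    int x = 0;
    return *p / x;
}
"""
# Constructed sample: the same defect after an unrelated comment was inserted
# above it, plus a second function that repeats the identical flagged line.
CURRENT_SRC = """/* helper */
int f(int *p) {
    int x = 0;
    return *p / x;
}
int g(int *p) {
    int x = 0;
    return *p / x;
}
"""

def demo():
    base = report_hashes("src/div.c", BASELINE_SRC, [3])
    cur = report_hashes("src/div.c", CURRENT_SRC, [4, 8])
    moved_is_same = base[3] == cur[4]   # a line shift does not change identity
    collision = cur[4] == cur[8]        # two distinct defects share one hash
    return moved_is_same, collision, new_reports(base, cur)

if __name__ == "__main__":
    print(demo())
```

In this illustration the report survives the line shift, but the second defect in `g` collides with the baseline entry and is not listed as new.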

Linux

Packaging requirements

  • Git (> 1.9.1)

  • Thrift compiler (> 0.9.2)

    required to generate python and javascript files

  • Doxygen (> 1.8)

    markdown support is required

  • Build-logger

    ld-logger is used to create a build log from the build commands. It is possible to build the package without ld-logger; in that case no automatic compilation logging is available, and a file containing the compilation commands must already exist (with CMake, generated using the 'CMAKE_EXPORT_COMPILE_COMMANDS' option) to run the static analyzer. To build the 32-bit and 64-bit versions of ld-logger, gcc multilib and make are required.

  • Other external dependencies are automatically downloaded and copied to the necessary directories in the package. Additional runtime requirements are described in the next external source dependencies section.

Runtime requirements

Install & setup

Tested on Ubuntu LTS 14.04.2


```sh
# get ubuntu packages
sudo apt-get install clang-3.6 libpq-dev postgresql postgresql-client-common postgresql-common doxygen build-essential thrift-compiler python-virtualenv python-dev gcc-multilib git

# setup database for a test_user
sudo -i -u postgres
# add a test user with "test_pwd" password
createuser --createdb --login --pwprompt test_user
exit

# PostgreSQL authentication
# PGPASSFILE environment variable should be set to a pgpass file
# For format and further information see PostgreSQL documentation:
# http://www.postgresql.org/docs/current/static/libpq-pgpass.html

echo "*:5432:*:test_user:test_pwd" >> ~/.pgpass
chmod 0600 ~/.pgpass

# create new python virtualenv
virtualenv -p /usr/bin/python2.7 ~/checker_env
# activate virtualenv
source ~/checker_env/bin/activate

# get the source (the python requirements file is inside the repository)
git clone https://github.com/Ericsson/codechecker.git
cd codechecker

# install required python modules
pip install -r .ci/python_requirements

# create codechecker package
./build_package.py -o ~/codechecker_package
cd ..
```

Check a test project


```sh
# check if clang is available
which clang

# if 'clang' command is not available the package can be configured to use another clang binary for checking like 'clang-3.6'
# edit the 'CodeChecker/config/package_layout.json' config file "runtime" section in the generated package and
# extend it with a new config option '"compiler_bin" : "clang-3.6",'

# activate virtualenv
source ~/checker_env/bin/activate

# directory to store temporary files during the static analysis
mkdir ~/checker_workspace

# source codechecker
source ~/codechecker_package/CodeChecker/init/init.sh

# check project using the default postgresql database port and the newly created db user
CodeChecker check --dbusername test_user --dbport 5432 -n test_project_check -w ~/checker_workspace -b "cd my_test_project && make clean && make"
```

Start the viewer Web server


```sh
# activate virtualenv
source ~/checker_env/bin/activate

# source codechecker
source ~/codechecker_package/CodeChecker/init/init.sh

# start web server on port 8080 on localhost only
CodeChecker server --dbusername test_user --dbport 5432 -w ~/checker_workspace -v 8080

# check results with firefox
# firefox http://localhost:8080
```

If all goes well, you can check the analysis results in your web browser.

See the user guide for further configuration and check options.

Additional documentation

  • User guide
  • Checker documentation
  • Package layout
  • Thrift API
  • External source dependencies
  • Test documentation
  • Database schema migration
