CodeChecker is ported to Python3!
No Python2 support is planned. The minimal required Python3 version is 3.6.
Old virtual environments needs to be removed!
:bulb: Check out our DEMO showing some analysis results of open-source projects!
Command line C/C++ Analysis
- Executes Clang-Tidy and Clang Static Analyzer with Cross-Translation Unit analysis, Statistical Analysis (when checkers are available).
- Creates the JSON compilation database by wiretapping any build process (e.g.,
CodeChecker log -b "make").
- Automatically analyzes GCC cross-compiled projects: detecting GCC or Clang compiler configuration and forming the corresponding clang analyzer invocations.
- Incremental analysis: Only the changed files and its dependencies need to be reanalyzed.
- False positive suppression with a possibility to add review comments.
- Result visualization in command line or in static HTML.
Web-based report storage
- You can store & visualize thousands of analysis reports of many analyzers like
For a complete list see Supported Analyzers
- Web application for viewing discovered code defects with a streamlined, easy experience (with PostgreSQL, or SQLite backend).
- Gerrit and GitLab integration Shows analysis results as GitLab or Gerrit reviews.
- Filterable (defect checker name, severity, source paths, ...) and comparable (calculates difference between two analyses of the project, showing which bugs have been fixed and which are newly introduced) result viewing.
- Diff mode: This shows the list of bugs that have been introduced since your last analyzer execution.
- Results can be shared with fellow developers, the comments and review system helps communication of code defects.
- Easily implementable Thrift-based server-client communication used for storing and querying of discovered defects.
- Support for multiple bug visualization frontends, such as the web application, a command-line tool and an Eclipse plugin.
Command line features
CodeChecker command has many subcommands which can be used for example to
log and analyze your projects, print the results or start a web server. For
full list see the following table or check the help message of this command
||Execute the supported code analyzers for the files recorded in a JSON Compilation Database.|
||Print the version of CodeChecker analyzer package that is being used.|
||List supported and available analyzers.|
||Perform analysis on a project and print results to standard output.|
||List the checkers available for code analysis.|
||View analysis results on a running server from the command line.|
||Apply automatic fixes based on the suggestions of the analyzers.|
||Run a build command, collect the executed compilation commands and store them in a JSON file.|
||Print analysis summary and results in a human-readable format.|
||Start and manage the CodeChecker Web server.|
||Save analysis results to a database.|
||Print the version of CodeChecker package that is being used.|
||Print the version of CodeChecker server package that is being used.|
CodeChecker cmd subcommand also has many other subcommands which can be used
to get data (products, runs, results, statistics) from a running CodeChecker
server. For full list see the following table or check the help message of this
CodeChecker cmd --help):
||List the available analysis runs.|
||Show run history of multiple runs.|
||List analysis result (finding) summary for a given run.|
||Compare two analysis runs and show the difference.|
||Show statistics of checkers.|
||Access subcommands related to configuring personal access tokens managed by a CodeChecker server.|
||Delete analysis runs.|
||Update an analysis run.|
||Manage and import suppressions of reports on a CodeChecker server.|
||Access subcommands related to configuring the products managed by a CodeChecker server.|
||Access subcommands related to configuring the source components managed by a CodeChecker server.|
||Authenticate into CodeChecker servers that require privileges.|
||Export comments and review statuses from CodeChecker.|
||Import comments and review statuses into CodeChecker.|
- Step 1:
CodeChecker logruns the given build command and records the executed compilation steps. These steps are written to an output file (Compilation Database) in a JSON format.
- Step 2:
CodeChecker analyzeuses the previously created JSON Compilation Database to perform an analysis on the project, outputting analysis results in a machine-readable (plist) format.
- Step 3: In this step, you can do multiple things:
- Parse and pretty-print the summary and results from analysis result files
- Store the results to a running CodeChecker server (
- Compare two analysis results/runs to show the results that differ between
the two (
CodeChecker cmd diff).
- Parse and pretty-print the summary and results from analysis result files (
For more information how to use CodeChecker see our user guide.
- Analyzer User guide
- Avoiding or suppressing false positives
- Checker and Static Analyzer configuration
- GCC incompatibilities
- Suppressing false positives
Web based report management
- Webserver User Guide
- WEB GUI User Guide
- Command line and WEB UI Feature overview
- Security configuration
- Configuring Authentication
- Configuring Authorization
- Deploy server using docker
- Server Configuration
- Configuring Server Logging
- Setting up multiple CodeChecker repositories in one server
- Continuous Integration(CI)
- Setting up CI gating with Gerrit and Jenkins
- Database Configuration
- PostgreSQL database backend setup guide
- CodeChecker server and database schema upgrade guide
Storage of reports from analyzer tools
CodeChecker can be used as a generic tool for visualizing analyzer results.
The following tools are supported:
|C/C++||Clang Static Analyzer|
Useful tools that can also be used outside CodeChecker.
- Build Logger (to generate JSON Compilation Database from your builds)
- Plist to HTML converter (to generate HTML files from the given plist files)
- Report Converter Tool (to convert analysis results from other analyzers to the codechecker report directory format))
- Translation Unit Collector (to collect source files of a translation unit or to get source files which depend on the given header files)
- Report Hash generator (to generate unique hash identifiers for reports)
Install CodeChecker via
CodeChecker is available on the pypi and can be installed with the following command:
pip3 install codechecker
Note: this package can be installed on
pip3 command is available. On
intercept-build must be
installed for logging (
CodeChecker log). On
Windows, logging is not
Installing CodeChecker via
Snap package manager
CodeChecker is available on the Snap Store and can be installed with the following command:
sudo snap install codechecker --classic
Note: Unfortunately, the snap package supports only lower case command names.
For this reason, you need to use
codechecker command instead of
everywhere. For a full list of available commands in the codechecker snap package,
snap info codechecker.
For a detailed dependency list, and for instructions on how to install newer Clang and Clang-Tidy versions, please see Requirements. The following commands are used to bootstrap CodeChecker on Ubuntu 20.04 LTS:
# Install mandatory dependencies for a development and analysis environment. # NOTE: clang or clang-tidy can be any sufficiently fresh version, and need not # come from package manager! sudo apt-get install clang clang-tidy build-essential curl gcc-multilib \ git python3-dev python3-venv # Install nodejs dependency for web. In case of Debian/Ubuntu you can use the # following commands. For more information see the official docs: # https://nodejs.org/en/download/package-manager/ curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash - sudo apt-get install -y nodejs # Check out CodeChecker source code. git clone https://github.com/Ericsson/CodeChecker.git --depth 1 ~/codechecker cd ~/codechecker # Create a Python virtualenv and set it as your environment. # NOTE: if you want to develop CodeChecker, use the `venv_dev` target instead # of `venv`. make venv source $PWD/venv/bin/activate # [Optional] If you want to use external authentication methods (LDAP / PAM) # follow the instructions in # docs/web/authentication.md#external-authentication-methods # Build and install a CodeChecker package. make package # For ease of access, add the build directory to PATH. export PATH="$PWD/build/CodeChecker/bin:$PATH" cd ..
- By default,
make package will build ldlogger shared objects for
64bit too. If you would like to build and package
64 bit only
shared objects and ldlogger binary you can set
environment variable to
YES before the package build:
BUILD_LOGGER_64_BIT_ONLY=YES make package.
- By default, the
make package will build the UI code if it's not built yet
or the UI code is changed. If you wouldn't like to build the UI code you can
BUILD_UI_DIST environment variable to
NO before the package build:
BUILD_UI_DIST=NO make package.
make standalone_package instead of
make package to avoid
having to manually activate the environment before running CodeChecker.
Upgrading environment after system or Python upgrade
If you have upgraded your system's Python to a newer version (e.g., from
2.7.12 – this is the case when upgrading Ubuntu from
14.04.2 LTS to 16.04.1 LTS), the installed environment will not work
out-of-the-box. To fix this issue, run the following command to upgrade your
cd ~/codechecker/venv python3 -m venv .
Mac OS X
For installation instructions for Mac OS X see Mac OS X Installation Guide documentation.
Visual Studio Code Plugin
Main features: - Run CodeChecker analysis from the editor and see the results automatically. - Re-analyze the current file when saved. - Commands and build tasks for running CodeChecker as part of a build system. - Browse through the found reports and show the reproduction steps directly in the code. - Navigate between the reproduction steps.
For more information how to install and use this plugin see the repository of this extension.
Analyze your first project
Setting up the environment in your Terminal
These steps must always be taken in a new command prompt you wish to execute analysis in.
source ~/codechecker/venv/bin/activate # Path of CodeChecker package # NOTE: SKIP this line if you want to always specify CodeChecker's full path. export PATH=~/codechecker/build/CodeChecker/bin:$PATH # Path of the built LLVM/Clang # NOTE: SKIP this line if clang is available in your PATH as an installed Linux package. export PATH=~/<user path>/build/bin:$PATH
Analyze your project with the
CodeChecker check -b "cd ~/your-project && make clean && make" -o ./results
check will print an overview of the issues found in your project by the
analyzers. The reports will be stored in the
./results directory in
Export the reports as static HTML files
You can visualize the results as static HTML by executing
CodeChecker parse -e html ./results -o ./reports_html
An index page will be generated with a list of all repors in
Optionally store the results in Web server & view the results
If you have hundreds of results, you may want to store them on the web server with a database backend.
Start a CodeChecker web and storage server in another terminal or as a
background process. By default, it will listen on
The SQLite database containing the reports will be placed in your workspace
~/.codechecker by default), which can be provided via the
Store your analysis reports onto the server to be able to use the Web Viewer.
CodeChecker store ./results -n my-project
Open the CodeChecker Web Viewer in your browser, and you should be greeted with a web application showing you the analysis results.
Important limitations with older Clang versions
3.6 or earlier releases are NOT supported due to CodeChecker
relying on features not available in those releases.
If you have Clang
3.7 installed you might see the following warning message:
Hash value wasn't found in the plist file.
- Use Clang
>= 3.8or trunk
r251011— otherwise CodeChecker generates a simple hash based on the filename and the line content. This method is applied for Clang-Tidy results too, because Clang-Tidy does not support bug identifier hash generation currently.
- Package layout
- Thrift interface
- Package and integration tests
- Checker documentation mapping file
Conference papers, presentations
- A high-level overview about the infrastructure is available amongst the
2015Euro LLVM Conference presentations.
Dániel KRUPP, György ORBÁN, Gábor HORVÁTH and Bence BABATI:
Industrial Experiences with the Clang Static Analysis Toolset