CodeChecker
CodeChecker

Travis Gitter Documentation Status

CodeChecker is a static analysis infrastructure built on the LLVM/Clang Static Analyzer toolchain, replacing scan-build in a Linux or macOS (OS X) development environment.

CodeChecker is ported to Python3!
No Python2 support is planned. The minimal required Python3 version is 3.6.
Old virtual environments needs to be removed!

Web interface showing list of analysed projects and bugs

:bulb: Check out our DEMO showing some analysis results of open-source projects!

Main features

Command line C/C++ Analysis

Web based report storage

User documentation

C/C++ Analysis

Web based report management

Storage of reports from analyzer tools

CodeChecker can be used as a generic tool for visualizing analyzer results.

The following tools are supported:

Language Analyzer
C/C++ Clang Static Analyzer
Clang Tidy
Clang Sanitizers
Cppcheck
Facebook Infer
Coccinelle
Smatch
Java SpotBugs
Facebook Infer
Python Pylint
Pyflakes
JavaScript ESLint
TypeScript TSLint
Go Golint
Markdown Markdownlint

For details see supported code analyzers documentation and the Report Converter Tool.

Common Tools

Useful tools that can also be used outside CodeChecker.

Helper Scripts

Install guide

Linux

For a detailed dependency list, and for instructions on how to install newer clang and clang-tidy versions please see Requirements. The following commands are used to bootstrap CodeChecker on Ubuntu 18.04 LTS:

# Install mandatory dependencies for a development and analysis environment.
# NOTE: clang or clang-tidy can be replaced by any later versions of LLVM/Clang.
sudo apt-get install clang clang-tidy build-essential curl doxygen gcc-multilib \
      git python-virtualenv python3-dev

# Install nodejs dependency for web. In case of debian/ubuntu you can use the
# following commands. For more information see the official docs:
# https://nodejs.org/en/download/package-manager/
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt-get install -y nodejs

# Check out CodeChecker source code.
git clone https://github.com/Ericsson/CodeChecker.git --depth 1 ~/codechecker
cd ~/codechecker

# Create a Python virtualenv and set it as your environment.
make venv
source $PWD/venv/bin/activate

# Build and install a CodeChecker package.
make package

# For ease of access, add the build directory to PATH.
export PATH="$PWD/build/CodeChecker/bin:$PATH"

cd ..

Note: By default make package will build ldlogger shared objects for 32bit and 64bit too. If you would like to build and package 64 bit only shared objects and ldlogger binary you can set BUILD_LOGGER_64_BIT_ONLY environment variable to YES before the package build: BUILD_LOGGER_64_BIT_ONLY=YES make package.

Upgrading environment after system or Python upgrade

If you have upgraded your system's Python to a newer version (e.g. from 2.7.6 to 2.7.12 – this is the case when upgrading Ubuntu from 14.04.2 LTS to 16.04.1 LTS), the installed environment will not work out-of-the-box. To fix this issue, run the following command to upgrade your checker_env too:

cd ~/codechecker/venv
virtualenv -p /usr/bin/python3 .

Mac OS X

For installation instructions for Mac OS X see Mac OS X Installation Guide documentation.

Docker

To run CodeChecker server in Docker see the Docker documentation. You can find the CodeChecker web-server containter at the Docker Hub.

Analyze your first project

Setting up the environment in your Terminal

These steps must always be taken in a new command prompt you wish to execute analysis in.

source ~/codechecker/venv/bin/activate

# Path of CodeChecker package
# NOTE: SKIP this line if you want to always specify CodeChecker's full path.
export PATH=~/codechecker/build/CodeChecker/bin:$PATH

# Path of the built LLVM/Clang
# NOTE: SKIP this line if clang is available in your PATH as an installed Linux package.
export PATH=~/<user path>/build/bin:$PATH

Execute analysis

Analyze your project with the check command:

CodeChecker check -b "cd ~/your-project && make clean && make" -o ./results

check will print an overview of the issues found in your project by the analyzers. The reports will be stored in the ./results directory in plist XML format.

Export the reports as static HTML files

You can visualize the results as static HTML by executing

CodeChecker parse -e html ./results -o ./reports_html

An index page will be generated with a list of all repors in ./reports_html/index.html

Optionally store the results in Web server & view the results

If you have hundreds of results, you may want to store them on the web server with a database backend.

Start a CodeChecker web and storage server in another terminal or as a background process. By default it will listen on localhost:8001.

The SQLite database containing the reports will be placed in your workspace directory (~/.codechecker by default), which can be provided via the -w flag.

CodeChecker server

Store your analysis reports onto the server to be able to use the Web Viewer.

CodeChecker store ./results -n my-project

Open the CodeChecker Web Viewer in your browser, and you should be greeted with a web application showing you the analysis results.

Important limitations with older Clang versions

Clang 3.6 or earlier releases are NOT supported due to CodeChecker relying on features not available in those releases.

If you have Clang 3.7 installed you might see the following warning message:

Hash value wasn't found in the plist file.

Developer documentations

Conference papers, presentations