  • Stars: 2,243
  • Rank 20,533 (Top 0.5 %)
  • Language: Python
  • License: Apache License 2.0
  • Created over 9 years ago
  • Updated about 1 month ago

Repository Details

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy


CodeChecker

CodeChecker is a static analysis infrastructure built on the LLVM/Clang Static Analyzer toolchain, replacing scan-build in a Linux or macOS (OS X) development environment.

Web interface showing list of analysed projects and bugs

💡 Check out our DEMO showing some analysis results of open-source projects!

Main features

Command line C/C++ Analysis

  • Executes Clang-Tidy, Clang Static Analyzer with Cross-Translation Unit analysis, Statistical Analysis (when checkers are available), and Cppcheck.
  • Creates the JSON compilation database by wiretapping any build process (e.g., CodeChecker log -b "make").
  • Automatically analyzes GCC cross-compiled projects: detecting GCC or Clang compiler configuration and forming the corresponding clang analyzer invocations.
  • Incremental analysis: Only the changed files and their dependencies need to be reanalyzed.
  • False positive suppression with a possibility to add review comments.
  • Result visualization in command line or in static HTML.

Web-based report storage

  • You can store & visualize thousands of analysis reports of many analyzers like Clang Static Analyzer (C/C++), Clang Tidy (C/C++), Facebook Infer (C/C++, Java), Clang Sanitizers (C/C++), Spotbugs (Java), Pylint (Python), Eslint (Javascript) ...
    For a complete list see Supported Analyzers
  • Web application for viewing discovered code defects with a streamlined, easy experience (with PostgreSQL, or SQLite backend).
  • Gerrit and GitLab integration: shows analysis results as GitLab or Gerrit reviews.
  • Filterable (defect checker name, severity, source paths, ...) and comparable (calculates difference between two analyses of the project, showing which bugs have been fixed and which are newly introduced) result viewing.
  • Diff mode: This shows the list of bugs that have been introduced since your last analyzer execution.
  • Results can be shared with fellow developers, the comments and review system helps communication of code defects.
  • Easily implementable Thrift-based server-client communication used for storing and querying of discovered defects.
  • Support for multiple bug visualization frontends, such as the web application, a command-line tool and an Eclipse plugin.

Command line features

The CodeChecker command has many subcommands which can be used, for example, to log and analyze your projects, print the results or start a web server. For the full list, see the following table or check the help message of this command (CodeChecker --help):

| CodeChecker subcommand | Description |
| --- | --- |
| analyze | Execute the supported code analyzers for the files recorded in a JSON Compilation Database. |
| analyzer-version | Print the version of CodeChecker analyzer package that is being used. |
| analyzers | List supported and available analyzers. |
| check | Perform analysis on a project and print results to standard output. |
| checkers | List the checkers available for code analysis. |
| cmd | View analysis results on a running server from the command line. |
| fixit | Apply automatic fixes based on the suggestions of the analyzers. |
| log | Run a build command, collect the executed compilation commands and store them in a JSON file. |
| parse | Print analysis summary and results in a human-readable format. |
| server | Start and manage the CodeChecker Web server. |
| store | Save analysis results to a database. |
| version | Print the version of CodeChecker package that is being used. |
| web-version | Print the version of CodeChecker server package that is being used. |

The CodeChecker cmd subcommand also has many subcommands of its own, which can be used to get data (products, runs, results, statistics) from a running CodeChecker server. For the full list, see the following table or check the help message of this subcommand (CodeChecker cmd --help):

| CodeChecker cmd subcommand | Description |
| --- | --- |
| runs | List the available analysis runs. |
| history | Show run history of multiple runs. |
| results | List analysis result (finding) summary for a given run. |
| diff | Compare two analysis runs and show the difference. |
| sum | Show statistics of checkers. |
| token | Access subcommands related to configuring personal access tokens managed by a CodeChecker server. |
| del | Delete analysis runs. |
| update | Update an analysis run. |
| suppress | Manage and import suppressions of reports on a CodeChecker server. |
| products | Access subcommands related to configuring the products managed by a CodeChecker server. |
| components | Access subcommands related to configuring the source components managed by a CodeChecker server. |
| login | Authenticate into CodeChecker servers that require privileges. |
| export | Export comments and review statuses from CodeChecker. |
| import | Import comments and review statuses into CodeChecker. |

Usage flow

Usage diagram

  • Step 1: CodeChecker log runs the given build command and records the executed compilation steps. These steps are written to an output file (Compilation Database) in a JSON format.
  • Step 2: CodeChecker analyze uses the previously created JSON Compilation Database to perform an analysis on the project, outputting analysis results in a machine-readable (plist) format.
  • Step 3: In this step, you can do multiple things:
    • Parse and pretty-print the summary and results from analysis result files (CodeChecker parse).
    • Store the results to a running CodeChecker server (CodeChecker store).
    • Compare two analysis results/runs to show the results that differ between the two (CodeChecker cmd diff).
    • etc.

For more information on how to use CodeChecker, see our user guide.

User documentation

C/C++ Analysis

Web based report management

Storage of reports from analyzer tools

CodeChecker can be used as a generic tool for visualizing analyzer results.

The following tools are supported:

| Language | Analyzer |
| --- | --- |
| C/C++ | Clang Static Analyzer, Clang Tidy, Clang Sanitizers, Cppcheck, Facebook Infer, Coccinelle, Smatch, Kernel-Doc, Sparse, cpplint |
| C# | Roslynator.DotNet.Cli |
| Java | SpotBugs, Facebook Infer |
| Python | Pylint, Pyflakes |
| JavaScript | ESLint |
| TypeScript | TSLint |
| Go | Golint |
| Markdown | Markdownlint, Sphinx |

For details see supported code analyzers documentation and the Report Converter Tool.

Common Tools

Useful tools that can also be used outside CodeChecker.

Helper Scripts

Install guide

Install CodeChecker via pip

CodeChecker is available on PyPI and can be installed with the following command:

pip3 install codechecker

Note: this package can be installed on Linux, OSX and Windows systems where pip3 command is available. On OSX, intercept-build must be installed for logging (CodeChecker log). On Windows, logging is not available.

Installing CodeChecker via the snap package manager

CodeChecker is available on the Snap Store and can be installed with the following command:

sudo snap install codechecker --classic

Note: Unfortunately, the snap package supports only lower-case command names. For this reason, you need to use codechecker command instead of CodeChecker everywhere. For a full list of available commands in the codechecker snap package, run snap info codechecker.

Linux

For a detailed dependency list, and for instructions on how to install newer Clang and Clang-Tidy versions, please see Requirements. The following commands are used to bootstrap CodeChecker on Ubuntu 20.04 LTS:

# Install mandatory dependencies for a development and analysis environment.
# NOTE: clang or clang-tidy can be any sufficiently fresh version, and need not
#       come from package manager!
#       In case of Cppcheck, the minimal supported version is 1.80.
sudo apt-get install clang clang-tidy cppcheck build-essential curl gcc-multilib \
      git python3-dev python3-venv python3-setuptools

# Install nodejs dependency for web. In case of Debian/Ubuntu you can use the
# following commands. For more information see the official docs:
# https://nodejs.org/en/download/package-manager/
curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash -
sudo apt-get install -y nodejs

# Check out CodeChecker source code.
git clone https://github.com/Ericsson/CodeChecker.git --depth 1 ~/codechecker
cd ~/codechecker

# Create a Python virtualenv and set it as your environment.
# NOTE: if you want to develop CodeChecker, use the `venv_dev` target instead
# of `venv`.
make venv
source "$PWD/venv/bin/activate"

# [Optional] If you want to use external authentication methods (LDAP / PAM)
# follow the instructions in
# docs/web/authentication.md#external-authentication-methods

# Build and install a CodeChecker package.
make package

# For ease of access, add the build directory to PATH.
export PATH="$PWD/build/CodeChecker/bin:$PATH"

cd ..

Notes:

  • By default, make package will build ldlogger shared objects for 32bit and 64bit too. If you would like to build and package 64 bit only shared objects and ldlogger binary you can set BUILD_LOGGER_64_BIT_ONLY environment variable to YES before the package build: BUILD_LOGGER_64_BIT_ONLY=YES make package.
  • By default, make package will build the UI code if it has not been built yet or if the UI code has changed. If you do not want to build the UI code, you can set the BUILD_UI_DIST environment variable to NO before the package build: BUILD_UI_DIST=NO make package.
  • Use make standalone_package instead of make package to avoid having to manually activate the environment before running CodeChecker.

Upgrading environment after system or Python upgrade

If you have upgraded your system's Python to a newer version (e.g., from 2.7.6 to 2.7.12 – this is the case when upgrading Ubuntu from 14.04.2 LTS to 16.04.1 LTS), the installed environment will not work out-of-the-box. To fix this issue, run the following command to upgrade your checker_env too:

cd ~/codechecker/venv
python3 -m venv .

Mac OS X

For installation instructions for Mac OS X see Mac OS X Installation Guide documentation.

Docker

To run the CodeChecker server in Docker see the Docker documentation. You can find the CodeChecker web-server container at the Docker Hub.

Visual Studio Code plugin

You can install and use the CodeChecker VSCode extension from the Visual Studio Marketplace or from Open VSX.

Main features:

  • Run CodeChecker analysis from the editor and see the results automatically.
  • Re-analyze the current file when saved.
  • Commands and build tasks for running CodeChecker as part of a build system.
  • Browse through the found reports and show the reproduction steps directly in the code.
  • Navigate between the reproduction steps.

VSCode plugin

For more information on how to install and use this plugin, see the repository of this extension.

GitHub Actions CI

CodeChecker executed in GitHub Actions

CodeChecker can be executed via a reusable GitHub action for your project! You need only specify the build command, as if you would run the analysis locally.

For more information, check out the CodeChecker Static Analysis action on the GitHub Actions Marketplace.

Analyze your first project

Setting up the environment in your Terminal

These steps must always be taken in a new command prompt you wish to execute analysis in.

source ~/codechecker/venv/bin/activate

# Path of CodeChecker package
# NOTE: SKIP this line if you want to always specify CodeChecker's full path.
export PATH=~/codechecker/build/CodeChecker/bin:$PATH

# Path of the built LLVM/Clang
# NOTE: SKIP this line if clang is available in your PATH as an installed Linux package.
export PATH=~/<user path>/build/bin:$PATH

Execute analysis

Analyze your project with the check command:

CodeChecker check -b "cd ~/your-project && make clean && make" -o ./results

check will print an overview of the issues found in your project by the analyzers. The reports will be stored in the ./results directory in plist XML format.

Export the reports as static HTML files

You can visualize the results as static HTML by executing:

CodeChecker parse -e html ./results -o ./reports_html

An index page listing all reports will be generated at ./reports_html/index.html.

Optionally store the results in Web server & view the results

If you have hundreds of results, you may want to store them on the web server with a database backend.

Start a CodeChecker web and storage server in another terminal or as a background process. By default, it will listen on localhost:8001.

The SQLite database containing the reports will be placed in your workspace directory (~/.codechecker by default), which can be provided via the -w flag.

CodeChecker server

Store your analysis reports onto the server to be able to use the Web Viewer.

CodeChecker store ./results -n my-project

Open the CodeChecker Web Viewer in your browser, and you should be greeted with a web application showing you the analysis results.

Important environmental limitations

Python 2 and older Python 3 releases

CodeChecker has been ported completely to Python 3. No Python 2 support is planned. You will need at least Python version 3.8. Old virtual environments that were created with a Python 2 interpreter need to be removed.

Upgrading environment after system or Python upgrade

If you have upgraded your system's Python to a newer version (e.g., from 2.7 to 3.8 – this is the case when upgrading Ubuntu from 14.04 LTS to 20.04 LTS), the installed environment will not work out-of-the-box. To fix this issue, run the following command to upgrade your checker_env too:

cd ~/codechecker/venv
python3 -m venv .

Older Clang versions

Clang 3.6 or earlier releases are NOT supported due to CodeChecker relying on features not available in those releases.

If you have Clang 3.7 installed you might see the following warning message:

Hash value wasn't found in the plist file.

Use Clang >= 3.8 or SVN trunk r251011 / Git commit efec163; otherwise, CodeChecker generates a simple hash based on the filename and the line content. This method is applied for Clang-Tidy results too, because Clang-Tidy does not support bug identifier hash generation currently.
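
Why the report hash matters when two runs are compared (the diff step of the usage flow), as an added example that is not CodeChecker's own code: it reads plist results, uses the analyzer's hash when present, and otherwise falls back to a hash of file name and line content. The fallback scheme (SHA-256 over base name and whitespace-stripped line), the sample sources and the findings are constructed assumptions.

```python
import hashlib
import os
import plistlib

# Key Clang >= 3.8 writes into each plist diagnostic; older output lacks it.
HASH_KEY = "issue_hash_content_of_line_in_context"


def fallback_hash(file_name, line_content):
    """Illustrative stand-in for a filename + line content hash (assumed
    scheme, not CodeChecker's code). Identical lines in one file collide."""
    data = os.path.basename(file_name) + "|" + "".join(line_content.split())
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def report_hashes(plist_bytes, sources):
    """Map report hash -> (file, line, checker) for one plist result file.
    `sources` maps file name -> list of source lines (passed in, no disk I/O)."""
    report = plistlib.loads(plist_bytes)
    found = {}
    for diag in report.get("diagnostics", []):
        loc = diag["location"]
        file_name = report["files"][loc["file"]]
        issue_hash = diag.get(HASH_KEY)
        if issue_hash is None:  # the "Hash value wasn't found" case
            line_text = sources[file_name][loc["line"] - 1]
            issue_hash = fallback_hash(file_name, line_text)
        found[issue_hash] = (file_name, loc["line"],
                             diag.get("check_name", "unknown"))
    return found


def diff_runs(old, new):
    """Classify the reports of two runs by hash: new, resolved, unchanged."""
    return {
        "new": sorted(new[h] for h in new.keys() - old.keys()),
        "resolved": sorted(old[h] for h in old.keys() - new.keys()),
        "unchanged": sorted(new[h] for h in new.keys() & old.keys()),
    }


def make_plist(file_name, findings):
    """Build a constructed, minimal plist report without the hash key."""
    diags = [{"check_name": checker, "description": message,
              "location": {"file": 0, "line": line, "col": 1}}
             for line, checker, message in findings]
    return plistlib.dumps({"files": [file_name], "diagnostics": diags})


# Constructed sample input: the same file before and after an edit that
# shifts the old finding down one line and introduces a second one.
OLD_SRC = ["int f(int *p) {", "  return *p;", "}"]
NEW_SRC = ["/* helper */", "int f(int *p) {", "  return *p;", "}",
           "int g(int d) { return 1 / d; }"]
OLD_RUN = report_hashes(
    make_plist("src/a.c", [(2, "core.NullDereference", "Dereference of null pointer")]),
    {"src/a.c": OLD_SRC})
NEW_RUN = report_hashes(
    make_plist("src/a.c", [(3, "core.NullDereference", "Dereference of null pointer"),
                           (5, "core.DivideZero", "Division by zero")]),
    {"src/a.c": NEW_SRC})

if __name__ == "__main__":
    for status, reports in diff_runs(OLD_RUN, NEW_RUN).items():
        print(status, reports)
```

Because the fallback depends on line content rather than line number, the moved finding is still recognised as unchanged, while any edit to the flagged line itself would make it appear as a new report.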

Developer documentations

Conference papers, presentations
