Skip to content

Releases: Ericsson/codechecker

v6.25.0-rc1

11 Dec 09:07
@bruntib bruntib
v6.25.0-rc1
920d710
Compare
Choose a tag to compare
v6.25.0-rc1 Pre-release
Pre-release

🌟 Highlights

Guideline Statistics page under the statistics tab to generate SEI Cert Compliance reports

A new Guideline Statistics page is added under the statistics tab to generate SEI Cert Compliance reports.
image

This page shows the compliance of an analyzed program to a coding guideline (such as SEI Cert C/C++) . It shows all checkers corresponding to a guideline rule, their configuration status (on/off) and all outstanding and closed reports per guideline rule.

It is possible to generate the table into HTML and CSV format.

The first supported guidelines are SEI Cert C and C++.

Facebook Infer as a new C/C++ analyzer plugin

Besides clang-tidy, clang static analyzer, cppcheck and gcc, Facebook Infer is a well known open-source static code analyzer tool https://github.com/facebook/infer

CodeChecker will support executing this analyzer. It will not be enabled by default, but is available for testing.

image

PVS Studio report conversion

From now on, it will be possible to convert the reports of the https://pvs-studio.com/en/pvs-studio/ analyzer and handle them with CodeChecker.
PVS-Studio Static Code Analyzer support by @feeelin in #4356

❗ Backward incompatible changes

  • Resolve checker enable/disable ambiguity by @noraz31 in #4377 and by @cservakt in #4392
    CodeChecker analyze emits an error (instead of a warning) when the enabled checkers/profiles/checker prefix groups are given ambigously. In these cases the ambiguity must be resolved. For example CodeChecker analyze -e security command is ambigous as security is a checker group (all checkers starting with security. and a profile at the same time. Please define explicitly CodeChecker -e prefix:security if you mean the prefix group, or profile:security if you mean the security profile.

CodeChecker -e clang-diagnostic-format will give an error, because it is ambigous if the user means the clang-diagnostic-format single checker, or all chekcers starting with clang-diagnostic-format. To refer the former, the user must user checker:clang-diagnostic-format or to the latter prefix:clang-diagnostic-format.

If you have such clashing cases, you must resolve them. The following namespaces can be used
prefix: - to mach checkera starting with a prefix
profile: - to match a checker profile
checker: - to match a single checker
guideline: - to match checkers belonging to a guideline
severity: - to match checkers belonging to a given severity.

  • The skip file handling changed! Adding a --drop-reports-from-skipped-files parameter to analyze by @dkrupp in #4332
    After this patch, the skip files will only skip the analysis of the listed files, but will not filter out any reports. This may result in more reports than before.
    By default CodeChecker used to filter out all reports from files which were on the skip list. This can hide true positive reports strating from unskipped code and ending in skipped files (typical with CTU and header related findings).
    This patch removes the default report filtering post processing step from CodeChecker analyze --skip SKIPFILE operation.
    The legacy functionality is still available with the --drop-reports-from-skipped-files paramer.

  • guideline:sei-cert cannot be used anymore. The sei-cert guideline profile was split to guideline:sei-cert-c for the C guideline and guideline:sei-cert-cpp for the C++ guideline. #4400

  • CodeChecker -e W* syntax is not supported anymore. Clang warnings only appear as clang-diagnostic-* checkers and the

🐛 Analyzer improvements

  • [fix] Resolve checker enable/disable ambiguity #4392
  • [fix] Don't capture cc1 by the logger. by @bruntib in #4300
  • Add -mmitigate-rop to ignored options by @noraz31 in #4295
  • Removing alpha checkers from the security profile so it can be used in production by @dkrupp in #4284
  • [analyzer] Adds -fno-freestanding to ignored GCC compiler flags by @ArchieAtkinson in #4281
  • [analyzer] Disable clang-diagnostic-error checker by @cservakt in #4325
  • [analyzer] Ignore -fno-printf-return-value by @pdgendt in #4329
  • [anayzer] Fb infer by @stt08 in #4257

💻 CLI/Server improvements

🌳 Environment

📖 Documentation updates

  • Modified documentation to match current procedures for changing schema by @feyruzb in #4366
  • chore: Remove ancient, unused docs/checker_docs.md by @whisperity in #4283
  • additional library was required for venv_dev by @stt08 in #4273

🔨 Other

Read more

Contributors

tomhughes, whisperity, and 13 other contributors
Assets 2
Loading

v6.24.4

27 Oct 22:23
@bruntib bruntib
v6.24.4
454d978
Compare
Choose a tag to compare
v6.24.4 Latest
Latest

This release fixes a bug about permission settings:

  • [fix] Get product configuration with view permission #4375
    Users with admin rights couldn't get product configuration page for changing product configuration or setting user permissions.
Assets 2
Loading

v6.24.3

18 Oct 13:36
@dkrupp dkrupp
v6.24.3
42074b5
Compare
Choose a tag to compare
v6.24.3

This release fixes an authentication issue:

  • CodeChecker authentication fixed #4369
    Version 6.24.2 introduced the super_user field in the server_config.json.
    If this field was missing from the config file, the authentication did not work for any user.
Assets 2
Loading

v6.24.2

18 Oct 10:23
@dkrupp dkrupp
v6.24.2
ad41702
Compare
Choose a tag to compare
v6.24.2

This release contains security vulerability fixes.
It is highly recommended to upgrade to this as soon as possible.

  1. [fix] Removing the root user creation 3bb2cbf
    Backward incompatible change: The built-in root user generated at CodeChecker server start with
    CodeChecker --reset-root ... has been disabled.
    Instead, the user can give SUPER_USER permission to an existing user in the server_config.json
    For further details, see https://github.com/Ericsson/codechecker/blob/master/docs/web/user_guide.md#initial-super-user

  2. Fix the endpoint parsing issue 8953b30
    CodeChecker web server has accepted some invalid URLs. The URL parsing has been hardened.

Assets 2
Loading

v6.24.1

13 Sep 11:25
@bruntib bruntib
v6.24.1
2cc6285
Compare
Choose a tag to compare
v6.24.1

🌟 Highlights

Standard library handling change

GCC has implicit include paths that are forwarded to Clang. Until now these paths were added with -isystem flag, but sometimes the priority of this is too high: https://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html The implicit include paths should be searched the last, so -isystem has been changed to -idirafter.
In case of potential backward compatibility break --add-gcc-include-dirs-with-isystem has been introduced for "CodeChecker analyze" command which reverts this change.

ld_logger environment change

CodeChecker log command uses the LD_PRELOAD environment variable for collecting the build commands. This environment variable relies on LD_LIBRARY_PATH which tells where to find the .so file set in LD_PRELOAD. Some build systems overwrite the value of LD_LIBRARY_PATH and for this reason CodeChecker fails to collect build commands. A solution to this problem was to fill LD_PRELOAD with an absolute path. However, this solution doesn't work when the analyzed project is built for multiple target architectures (e.g 32 and 64 bits), since CodeChecker sets a single absolute path based on the host architecture.
If the project's build system is resetting LD_LIBRARY_PATH, then the workaround solution is to extend LD_LIBRARY_PATH with the proper ldlogger.so file: For further details consult this documentation.

Enable checkers by group prefix

Checkers can be enabled by providing a group prefix. For example, cplusplus.NewDeleteLeaks can be enabled by --enable cplusplus. The problem was that checkers are enabled by any name prefix, so this former checker is also enabled by cplusplus.NewDelete which is not an intended behavior. This release fixes this issue.
Also, it was possible to enable checkers by suffix (e.g. --enable NewDeleteLeaks). As of this release, the suffix matching is not checked either.

💻 CLI/Server improvements

  • [fix] Don't reset PATH in Cppcheck plugin #4320
  • [feat] Implicit include paths added with -idirafter #4315
  • Revert "[analyzer] Use absolute path to logger.so in LD_PRELOAD" #4314
  • [cmd] Checker name prefixes are meant along separator characters #4311
  • Analyzer binary dependent environment #4305
  • [fix] Support joker characters at annotation filter #4306
  • [Fix] Report sorting in unique mode #4294
  • [fix] Don't enable checkers by suffix #4307
  • [fix] Minor fixing for statistics tabs #4304
  • [fix] Error when debug logging skipped actions #4301
  • [fix] Don't capture cc1 by the logger. #4300
  • Add -mmitigate-rop to ignored options #4295
  • [analyzer] Ignore -fno-printf-return-value #4329
  • [fix] Disable clang-diagnostic-error checker #4325
  • [fix] Missing analyzer error #4330
  • [fix] Forwarding --ctu-ast-mode to analyze command #4341
  • Environment initialization for binaries #4337

🌳 Environment

  • [cfg] Add setuptools as a dependency #4285
  • Deprecate distutils #4286
  • Bump urllib3 from 2.2.1 to 2.2.2 in /scripts/labels/label_tool #4290
  • [cfg] Upgrade to pylint 3.2.4 #4279
  • [analyzer] Adds -fno-freestanding to ignored GCC compiler flags #4281
  • [cfg] Upgrade pycodestyle to 2.12.0 #4264
  • [cfg] Upgrade lxml version #4262

🔨 Other

  • [test] The assertDictContainsSubset() is depreceted and removed #4322
  • [fix] fix compare_results.py sciprt #4319
  • [script] Script for querying all reports #4245
  • [cmd] Display warning instead of debug log for missing diagtool #4342
Assets 2
Loading

v6.24.0

12 Jun 14:36
@dkrupp dkrupp
v6.24.0
ea79507
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v6.24.0

🌟 Highlights

Listing of Enabled/Disabled Checkers in the WEB UI per run

CodeChecker provides a new view in the "Analysis information tab" which lists all checkers that were enabled during analysis.

image

  • feat(server): Store information about available checkers to the database by @whisperity in #4089

New Checker Coverage Statistics view with coding guideline references

CodeChecker provides a new view to display all enabled checkers for a set of selected runs. Additionally, it also lists all guideline rules related to the given checker. For example, you can verify whether your code has any SEI Cert coding guideline violation.

The new table lists all checkers that were enabled in a set of selected analysis runs, shows the number of outstanding reports and the number of closed reports per enabled checker and the related coding guideline rules.

How is this new view different compared to the existing "Checker Statistics View"?
The Checker Statistics View only displays checkers that produced reports for the selected runs.
This new view additionally lists all checkers that were enabled in the last analysis for the selected runs.

image

  • [GUI] New "Checker Coverage" statistics tab to show all enabled checkers and … by @cservakt in #4210

Faster run storage

Thanks to a new optimization, the run storage duration can be up to 50% faster.

New Static HTML Report Pages

  • [cmd] Restructure static HTML generation so it can handle much larger result set. #4168
  • [feat] Display dynamic analysis generated testcase and timestamp columns in static HTML #4172

New report filter to list closed and outstanding reports

A new filter has been added to list outstanding and closed reports. An outstanding report is a report with detection status new, reopened, unresolved with review status unreviewed or confirmed.

image

Web GUI improvements

❗ Backward incompatible changes

None

🐛 Analyzer improvements

  • [analyzer] Ignore -fno-tree-dominator-opts by @bo-dani in #4141
  • [fix] Cppcheck premium version check by @bruntib in #4155
  • [gcc] Don't emit a missing gcc warning if no checkers are enabled by @Szelethus in #4179
  • [fix] --cppcheckargs should be present in "CodeChecker check" by @bruntib in #4178
  • [gcc][GUI] Fix indentations for gcc fn calls bug reports by @Szelethus in #4182
  • Add functionality to validate analyzer and checker options by @noraz31 in #4204
  • Fix a bug in #3866 where check didn't respect --no-missing-checker-error by @Szelethus in #4217
  • Display warning if the compilation database is empty by @noraz31 in #4226
  • Do not allow parse if the does not exist by @noraz31 in #4212
  • [fix] Pass envp to posix_spawn in ld_logger by @bruntib in #4146
  • [analyze] Removing long enabled checker list at info log level by @dkrupp in #4103

💻 CLI/Server improvements

  • Fix debug logging in store by @vodorok in #4134
  • Fix remote server path resolution by @vodorok in #4131
  • [report-converter][fix] Don't crash when we can't find the checker name for ubsan by @Szelethus in #4143
  • Fix typo 'vesion' in sarif conversion template by @SirMutantRat in #4140
  • [report-converter] Allow for empty strings in sanitizer error msgs by @Szelethus in #4147
  • [fix] Eliminate unnecessary error logging by @bruntib in #4162
  • Fix impossible blame info collection by @vodorok in #4190
  • fix(migration): Migrate reports with appropriate default checker ID by @whisperity in #4191
  • fix(migration): Do not emit log output for checker_id normalisation by @whisperity in #4198
  • feat(server): Multiprocess migration and db_cleanup #4175
  • [fix] Prevent overlapping report groups #4215
  • [fix] Replace UTF-8 dash characters #4216
  • [cmd] Check for non-existing source components by @bruntib in #4203
  • Fix a crash where config handlers were built with missing binaries by @Szelethus in #4241
  • [fix] Creating new temporary directory for zip files by @cservakt in #4237
  • [db] Faster query for comment garbage collection by @bruntib in #4254
  • [fix] Use module uuid instead of tempfile by @bruntib in #4253
  • [cmd] Add --anywhere-on-report-path flag to CLI by @bruntib in #4255
  • Support relative paths in the --file option by @noraz31 in #4250
  • [Fix] Drop foreign key constraints for faster analysis info deleting by @cservakt in #4259

🌳 Environment

  • Adding OpenSSF Scorecard badge to README by @gkunz in #4164

📖 Documentation updates

  • [doc] Fix documentation URL in highlights page by @bruntib in #4136
  • [docs] Rewrite the docs for diff by @Szelethus in #4006
  • chore(docs): Remove mentions of Python 2 and ancient Clang limitations from the README by @whisperity in #4174
  • Update usage.md: fix typo by @ArnaudBienner in #4153
  • Fix Broken Links In Documentation by @justindhillon in #4159
  • Fix typos by @omahs in #4173
  • additional guidance for silicon mac users by @feyruzb in #4188
  • chore(config): [clangsa][clang-tidy] Fix dead doc_urls in checker labels by @whisperity in #4214
  • [config] Label Clang 18.0-19.trunk SA & Tidy checkers by @sylvestre in #4193
  • [fix] Links in static HTML files should be relative by @bruntib in #4236
  • feat(script): Verify the existence of checker config doc_url pages and find appropriate older releases for gone (removed, dealpha, etc.) checkers by @whisperity in #4207

🔨 Other

  • Bump version to 6.24.0 by @vodorok in #4126
  • Bump follow-redirects from 1.15.3 to 1.15.4 in /web/server/vue-cli by @dependabot in #4151
  • Bump gitpython from 3.1.37 to 3.1.41 in /web by @dependabot in #4150
  • [fix] Fixing getReportAnnotations subquery by @cservakt in #4229
  • chore(ci): Disable failing and dangerous PyPI publishing job by @whisperity in #4231
  • Updating clangsa sei cert mapping for clang 18 by @dkrupp in #4239
  • chore(config): Add automatically generated doc_urls and severitys by @whisperity in #4224
  • chore(config): [clang-tidy] Update SEI-CERT Guideline mappings by @whisperity in #4235
  • [config] Adding sei-cert rule mappings for clang diagnostics by @dkrupp in #4243
  • Always pass absolute paths to skip handler by @vodorok in #4227
  • [config] Minor updates of the clangsa, clang-tidy profiles by @dkrupp in #4246
  • Make sure that the Number of runs is displayed correctly by @noraz31 in #4242
  • [fix] Store temp .plist files in report dir during store by @bruntib in #4248
  • [feature] Adding guideline label to Checker Coverage tab by @cservakt i...
Read more

Contributors

sylvestre, ArnaudBienner, and 14 other contributors
Assets 2
Loading

v6.24.0-rc1

18 Apr 06:41
@dkrupp dkrupp
v6.24.0-rc1
f05a9bf
Compare
Choose a tag to compare
v6.24.0-rc1 Pre-release
Pre-release

🌟 Highlights

Listing of Enabled/Disabled Checkers in the WEB UI per run

CodeChecker provides a new view in the "Analysis information tab" which lists all checkers that were enabled during analysis.

image

  • feat(server): Store information about available checkers to the database by @whisperity in #4089

New Checker Coverage Statistics view

CodeChecker provides a new view to display all enabled checkers for a set of selected runs.
The new table lists all checkers that were enabled in a set of selected analysis runs, shows the number of outstanding reports and the number of closed reports per enabled checker.

How is this new view different compared to the existing "Checker Statistics View"?
The Checker Statistics View only displays checkers that produced reports for the selected runs.
This new view additionally lists all checkers that were enabled in the last analysis for the selected runs.

image

  • [GUI] New "Checker Coverage" statistics tab to show all enabled checkers and … by @cservakt in #4210

Faster run storage

Thanks to a new optimization, the run storage duration can be up to 50% faster.

New Static HTML Report Pages

  • [cmd] Restructure static HTML generation so it can handle much larger result set. #4168
  • [feat] Display dynamic analysis generated testcase and timestamp columns in static HTML #4172

Web GUI improvements

  • [fix] Fixing OFF and UNAVAILABLE detectionStatus in the report sidebar by @cservakt in #4127
  • feat(gui): Checker status auditing by @whisperity in #4156
  • test(gui): Add front-end test for checked status in AnalysisInfo dialog by @whisperity in #4202

❗ Backward incompatible changes

None

🐛 Analyzer improvements

  • [analyzer] Ignore -fno-tree-dominator-opts by @bo-dani in #4141
  • [fix] Cppcheck premium version check by @bruntib in #4155
  • [gcc] Don't emit a missing gcc warning if no checkers are enabled by @Szelethus in #4179
  • [fix] --cppcheckargs should be present in "CodeChecker check" by @bruntib in #4178
  • [gcc][GUI] Fix indentations for gcc fn calls bug reports by @Szelethus in #4182

💻 CLI/Server improvements

  • Fix debug logging in store by @vodorok in #4134
  • Fix remote server path resolution by @vodorok in #4131
  • [report-converter][fix] Don't crash when we can't find the checker name for ubsan by @Szelethus in #4143
  • Fix typo 'vesion' in sarif conversion template by @SirMutantRat in #4140
  • [report-converter] Allow for empty strings in sanitizer error msgs by @Szelethus in #4147
  • [fix] Eliminate unnecessary error logging by @bruntib in #4162
  • Fix impossible blame info collection by @vodorok in #4190
  • fix(migration): Migrate reports with appropriate default checker ID by @whisperity in #4191
  • fix(migration): Do not emit log output for checker_id normalisation by @whisperity in #4198
  • feat(server): Multiprocess migration and db_cleanup #4175
  • [fix] Prevent overlapping report groups #4215
  • [fix] Replace UTF-8 dash characters #4216

🌳 Environment

  • Adding OpenSSF Scorecard badge to README by @gkunz in #4164

📖 Documentation updates

🔨 Other

New Contributors

Full Changelog: v6.23.1...v6.24.0-rc1

Contributors

ArnaudBienner, whisperity, and 11 other contributors
Assets 2
Loading

v6.23.1

14 Dec 14:35
@bruntib bruntib
v6.23.1
2a8fa6e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v6.23.1

What's Changed

Full Changelog: v6.23.0...v6.23.1

Contributors

bruntib, vodorok, and cservakt
Assets 2
Loading

v6.23.0

08 Dec 21:36
@cservakt cservakt
v6.23.0
bea15d4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v6.23.0

🌟 Highlights

GCC Static Analyzer support

We are happy to announce that CodeChecker added native support for the GCC Static Analyzer! This analyzer checks code in the C family of languages, but its latest release at the time of writing is still best used only on C code. Despite it being a bit immature for C++, we did some internal surveys where the GCC Static Analyzer seemed to be promising.

We expect this analyzer to be slower than clang-tidy, but faster than the Clang Static Analyzer. You can enable it by adding --analyzers gcc to your CodeChecker check or CodeChecker analyze commands. For further configuration, check out the GCC Static Analyzer configuration page.

GNU GCC 13.0.0. (the minimum version we support) can be tricky to obtain and to make CodeChecker use it, as CodeChecker looks for the g++ binary, not g++-13. As a workaround, you can set the environmental variable CC_ANALYZER_BIN which will make CodeChecker use the given analyzer path (e.g. CC_ANALYZER_BIN="gcc:/usr/bin/g++-13"). You can use CodeChecker analyzers to check whether you have the correct binary configured.

You can enable gcc checkers by explicitly mentioning them at the analyze command e.g.

CodeChecker analyze -e gcc

gcc checkers are only added to the exterme profile. After evaluation, some checkers may be added to other profiles too.

Under the same breath, we added partial support for the SARIF file format (as opposed to using plists) to report-converter, with greater support planned for future releases.

Review status config file

In previous CodeChecker versions, you could set the review status of a report using two methods: using in-source comments, or setting a review status rule in the GUI. The former sets the specific report's review status, the latter sets all matching reports' review status.

This release introduces a third way, a review status config file! One of the motivations behind this is that we wanted to have a way to set review statuses on reports in specific directories (which was not possible on the GUI). CodeChecker uses a YAML config file that can be set during analysis:

$version: 1
rules:
  - filters:
      filepath: /path/to/project/test/*
      checker_name: core.DivideZero
    actions:
      review_status: intentional
      reason: Division by zero in test files is automatically intentional.

  - filters:
      filepath: /path/to/project/important/module/*
    actions:
      review_status: confirmed
      reason: All reports in this module should be investigated.

  - filters:
      filepath: "*/project/test/*"
    actions:
      review_status: suppress
      reason: If a filter starts with asterix, then it should be quoted due to YAML format.

  - filters:
      report_hash: b85851b34789e35c6acfa1a4aaf65382
    actions:
      review_status: false_positive
      reason: This report is false positive.

This is how you can use this config file for an analysis:

CodeChecker analyze compile_commands.json --review-status-config review_status.yaml -o reports

The config file allows for a great variety of ways to match a report and set its review status. For further details see this documentation.

Enable/disable status of checkers

In this release the unknown Checker status has been eliminated. CodeChecker will enable only those checkers that are either present in the default profile (see CodeChecker checkers --profile default) or enabled using the --enable argument (through another profile or explicitly through a checker name).

In previous CodeChecker versions, when you ran an analysis, we assigned three states to every checker: it's either enabled, disabled, or neither (unknown). We kept the third state around to give some leeway for the analyzers to decide which checkers to enable or disable, usually to manage their checker dependencies. We now see that this behavior can be (and usually is) confusing, party because it's hard to tell which checkers were actually enabled.

You can list the checkers enabled by default using the CodeChecker checkers command:

CodeChecker 6.22.0 output:
 
CodedeChecker checkers |grep clang-diagnostic-varargs -A7
clang-diagnostic-varargs
  --> Status: unknown <---
  Analyzer: clang-tidy
  Description:
  Labels:
    doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wvarargs
    severity:MEDIUM
 
=>
CodeChecker 6.23.0 output:
 
CodeChecker checkers |grep clang-diagnostic-varargs -A7
clang-diagnostic-varargs
  ---> Status: disabled <---
  Analyzer: clang-tidy
  Description:
  Labels:
    doc_url:https://clang.llvm.org/docs/DiagnosticsReference.html#wvarargs
    severity:MEDIUM

Major fixes to run/tag comparisons (diff)

Following a thorough survey, we identified numerous areas to improve on our run/tag comparisons. We landed several patches to improve the results of diffs both on the CLI and the web GUI (which should be almost always identical). Despite that this feature has the appearance of a simple set operation, diff is a powerful tool that can express a lot of properties on the state of your codebase, and has a few intricacies. For this reason, we also greatly improved our docs around it.

A detailed description of the issues are described in this ticket: #3884

One example is that the if the suppression was removed for a finding, the diff did not show the reappearing result as new (in local/local diff):

// Code version 1:
void c() {
  int i = 0; // deadstore, this value is never read
  // codechecker_suppress [all] SUPPRESS ALL
  i = 5;
}


// Code version 2 (suppression removed):

void c() {
  int i = 0; // deadstore, this value is never read
  i = 5;
}

CodeChecker diff -b version1.c -n version2.c --new 
Did not show the deadstore finding as new.

Web GUI improvements

We landed several patches to improve the readability and usability of the GUI, with more improvements to come in later releases! The currently selected event's visual highlight pops a little more now in the report view, and we no longer show unused columns in the run view.

In this image, you can see how much the selected event "pops" after this release, and also, how other events' opacity was a lowered a bit, which allows arrows to be seen through them.
image

  1. In the report detail page, outstanding and closed issues are clearly organized into a left tree view. So it will be easier to see which report needs more attention (fixing or triaging).

image

Report limit for storing to the server

Especially in the case of clang-tidy, we have observed some unreasonable number of reports by certain checkers. In some instances, we saw hundreds of thousands (!) of reports reported by some individual checkers, and its more than unlikely that anyone will inspect these reports individually (you probably got the message about using parantheses around macros after the first 15 000 reports).

We found that these checkers were usually enabled by mistake, and put unnecessary strain both on the storage of results to the server, and on the database once stored. Moving forward, CodeChecker servers will reject stores of runs that have more than 500 000 reports. This limit is a default value that you can change or even set to unlimited. Our intent is not to discourage legitemately huge stores, only those that are whose size is likely this large by mistake.

When creating a new product called My product at endpoint myproduct, you can set the report limit from the CLI with the following invocation:

CodeChecker cmd products add -n "My product" --report-limit 1000000 myproduct

For an already existing product, you can change the limit by clicking the pencil at the products page:
image
image

❗ Backward incompatible changes

  • [analyzer] Promote the missing analyzer warning to an error #3997
    • If analyzers are specified with --analyzers flag and one of them is missing, CodeChecker now emits an error.
    • Previously, the user could only specify the analyzers without version number e.g.: CodeChecker analyze compile_commands.json -o reports --analyzers clangsa
    • Now, you can also validate the analyzer's version number e.g.: CodeChecker analyze compile_commands.json -o reports --analyzers clangsa==14.0.0
    • In both cases, if a wrong analyzer was given, the system exit would trigger.

--all and --details were deprecated for CodeChecker analyzers

With the introduction of the GCC Static Analyzer, we think that the --all flag was more confusing than useful -- its a reasonable assumption that any sys...

Read more

Contributors

whisperity, bruntib, and 4 other contributors
Assets 2
Loading

v6.23.0-rc2

17 Nov 11:55
@vodorok vodorok
v6.23.0-rc2
605ba1b
Compare
Choose a tag to compare
v6.23.0-rc2 Pre-release
Pre-release

The following changes and fixes were made since v6.23.0-rc1

GCC Static Analyzer Related Changes:

Fixed the SARIF file location according to the GCC documentation.
Changed GCC's output format to sarif-stderr.
Temporarily ignored compiler warnings in GCC.

🐛 Analyzer Improvements:

Replaced the multiprocessing library with multiprocess. This resolved issues in multiprocess library usage on different platforms but mostly on OSX. Added in #4076

Fixing a crash when CC_ANALYZERS_FROM_PATH env variable is set in #4084

Corrected a bug about the --enable-all flag not disabling specific warnings in #4080 by @bruntib
Fixed non-determinism in the appearance of clang-tidy checkers.
Prevented duplicate addition of extra arguments in cppcheck.
Resolved an issue with the AnalyzerContext lazy initialization.

💻 Server/GUI Updates:

An error was fixed when loading the report in the report view that caused the review status dropdown menu's value to fail to update when switching to a report with a different status. Fixed in in #4082 by @cservakt

CI Configuration

The issue with building ReadTheDocs has been rectified. You can view the latest docs here: https://codechecker.readthedocs.io/en/latest/
In addition, we have implemented modifications to the PyPI action in order for a more reliable package publishing by @vodorok

🔨 Other:

  • [docs] Leave a better TODO for gcc docs by @Szelethus in #4069
  • chore(store): Give a name to the timeout watchdog thread by @whisperity in #407
  • Bump @babel/traverse from 7.16.8 to 7.23.2 in /web/server/vue-cli by @dependabot in #4043
  • Bump gitpython from 3.1.35 to 3.1.37 in /web/requirements_py/dev by @dependabot in #4038
  • Bump gitpython from 3.1.35 to 3.1.37 in /web by @dependabot in #4037

Full Changelog: v6.23.0-rc1...v6.23.0-rc2

Contributors

whisperity, bruntib, and 4 other contributors
Assets 2
Loading