v6.1

New features, improvements:

• HTML report file generation support for CodeChecker parse command. These HTML files contain the full control-flow path of the detected bugs. They can be viewed off-line without accessing the CodeChecker server or sent in an email. #1034
• CodeChecker cmd diff can be called for multiple runs. That is your results in the report directory can be compared against multiple runs using wildcards. #978
• Checker profiles. Checker pre-selection profiles were introduced to help in the selection of checkers. Three new profiles were introduced in increasing order of sensitivity (and false positive rate): default, sensitive, extreme. #907
• Clang will not warn about unused compiler arguments #985
• Print clang generated report hash at the command line parse with the steps together #1009

Analyzer invocation

• Better detection of gcc/g++ cross compilation parameters. --saargs and --tidyargs parameters should not be used for cross-compilation anymore. #995
• Include directory detection for clang-tidy #993

Documentation changes:

• New user guide accessible at the server #737
• Improved PostgreSQL database setup documentation #1001

Bug fixes:

Web UI:

• Report step were not shown on the UI #986 and #988
• Statistics view did not show the results #950
• Statistics view should not collect run names in the drop down #979
• Product listing did not work properly in Firefox #912
• Run without reports were not rendered correctly #1002
• Run history tab switch did not work properly #1017
• If there were many runs the loading of the run list was slow #1019

Command line:

• Storage failed with sqlite db backend if there were many results. #1005
• CodeChecker cmd sum command error #1004
• CodeChecker cmd sum report uniqueing #1025
• CodeChecker cmd sum get statistics only for the specified run names #1026
• CodeChecker check command did not work properly when it was called without output directory #992

v6.0.1

BUG Fixes and small feature additions

• #883 Analysis runs show the store duration
• #958 Show the latest run tag in the run list table
• #959 sorting by severity does not work in the bug list
• #960 Show severity at the parse output
• #961 Show result summary at the parse output
• #962 run name filter in diff command
• #963 update run tag if the same tag is used in one run

v6.0

CodeChecker 6.0 brings a huge amount of improvements to the CodeChecker infrastructure. This new major release sets forth a new direction aimed to increase the usability and effectiveness of CodeChecker as a code analysis and defect triaging system.

❗ Massive backward incompatibility changes ❗

This new major release changed the infrastructure in a way that your current CodeChecker usage might no longer be applicable.

• Due to internal database layout changes, any CodeChecker database that was created with versions of CodeChecker 5 is not usable. You'll need to reanalyze your project.
• The invocation of CodeChecker scripts have changed. Please make sure your custom integration scripts (if such exist) are working before relying on them. There is a high chance they won't.
• The API to access the server programmatically has also changed. Custom clients, such as the Eclipse plugin, may no longer work properly.

Most important backward incompatible command line changes

• CodeChecker store and cmd subcommands now take --url instead of --host, --port as per the product system, to specify on which server and in which product the commands should be executed on. For example instead of CodeChecker store --host localhost --port 8555 -n run_name you should use CodeChecker store --url localhost:8555/Default

• The check command which wrapped over log-analyze-store has been dropped. quickcheck has been renamed to check. An extra argument, --quiet has been introduced to analyze which silences analyzer output from the standard output. (#882)

Analysis framework

Major improvements

• analyze now supports incremental analysis, in which the subsequent analyses of the project updates the contents of the OUTPUT_DIR folder, without duplicating plist files, or requiring the user to do a full analysis. (#719)
• --add-compiler-defaults option detects compilation target and gcc include directories, thus cross-compilation can be auto-detected. If --saargs or --tidyargs were used for the analyze sub-command to specify (cross) compilation target or include directories, they can now be replaced by a simple --add-compiler-defaults switch, which will auto-detect these compiler settings. (#921)

Minor changes

• Various crashes and infinite hangs arising from analysis failure handling and dependency generation have been fixed. (#790)
• CodeChecker analyze now takes an optional --capture-analysis-output argument which makes successful analyzer invocations' output to be saved into the OUTPUT_DIR. (#802)
• Skip-files not applying to headers have been fixed. (#860)
• The checkers sub-command has been unified to the new structure, so CodeChecker checkers now does the same as codechecker-checkers did since version 5.8. (#856)

Discontinued features

• The check command which wrapped over log-analyze-store has been dropped. quickcheck has been renamed to check. An extra argument, --quiet has been introduced to analyze which silences analyzer output from the standard output. (#882)

Report storage

Major improvements

• With the changes introduced in incremental analysis, CodeChecker now stores the detection status of a bug report. This feature requires the user to always analyze into the same OUTPUT_DIR and then store the results from this folder. A bug can be new, unresolved, resolved or reopened. (#724)
  • Each bug begins its life as new. When a subsequent store call finds this bug again, the status will change to unresolved, and will stay there, until the bug disappears from the analyzer output. In this moment, the status will be resolved. If a resolved bug ever appears again in the analyzer results, its status will change to reopened. A reopened bug can turn resolved or unresolved in the next check depending on its status.
• Storing analysis results have been made much faster by introducing a simpler transmission approach. (#724)
• The multiple product system gives the users the ability to attach multiple analysis result databases to the same running CodeChecker server instance. These are separate databases each containing analysis results, managed in a new "configuration database", which is specified in the server's command-line. (#773)
• Subsequent store calls with the same run name can now be tagged, e.g. to point out which version of the project was used. (#885)

Minor changes

• CodeChecker subcommands now take --url instead of --host, --port as per the product system, to specify on which server and in which product the results should be stored to. (#773)

Web viewer application

Major improvements

• CodeChecker now has a logo! (#771)
• Bug reports can now be commented. Comments are shown for the same report found in multiple runs. (#742)
• Bugs can now be assigned a review status of Unreviewed, Confirmed bug, False positive, Won't fix, along with an optional comment on why this status was applied. (#768)
  • This replaces the suppress feature of the web application. Source code suppressions are imported into this new system as False positive reports.
• A new filtering system has been created which makes the Web viewer much more versatile at searching for reports. (#847)
• The history of run updates are stored and it is possible to recall the results of an earlier run (run history). It is also possible to "version tag" each update from command line and search for active reports based on update date. (#781)
• Report Uniqueing: The same bug can be found by the analyzer on multiple paths and in multiple runs. A semantically unique bug is identified with a bug identifier hash. In the web viewer it is possible to list only semantically unique bug reports. (#811)
• Checkers Summary Table: Provides a summary statistics of reports found by checkers summarized for all runs. (#826)
• The web viewer has been updated with a new homepage that gives the users ability to search and select the product they want to view. (#773)
• A new user guide for the web application has been added. (#865)
• Reports that refer to semantically the same bug are now grouped on the viewer. (#891)

Minor changes

• Tool-tip showing the full message in the bug path list is placed to start accordingly to the path list, not at the left center of the browser. (#720)
• The list of runs can now be filtered for substrings in the run's name. (#753)
• The username of the logged in user is now shown in the viewer. (#754)
• Diffing two runs can now be made with radio buttons explicitly showing what will be diffed against which other run, instead of having to tick two check boxes in an order. (#766)
• The bug steps are now also shown in the left-hand view, not just in the code. Floating bug step bubbles in the code were given better highlighting. (#798)
• The code viewer has been made significantly faster. (#815, #871)

Command-line viewer client

Major improvements

• The CodeChecker cmd sum sub-command now prints a more detailed breakdown on what reports are found per a particular checker. (#870)
• The command-line viewer also takes some new arguments for the new filtering system. (#918)

Minor changes

• Due to the removal of the suppress feature, CodeChecker cmd suppress now can only be used to import suppression data into a server. (#768)
• CodeChecker cmd subcommands now take --url instead of --host, --port as per the product system, to specify on which server and in which product the commands should be executed on. (#773, #873)
• Most of the command-line tools now take run names as a positional argument instead of --name. (#856)
• Local compare mode will now properly understand suppressions in the souce code on the local side. (#858)

Security

Major improvements

• CodeChecker Web server can be accessed through secure (encrypted, authenticated) HTTPS. (#899)
• CodeChecker now supports a way to isolate user access and define permissions between the products configured. (#857)

Miscellaneous improvements

• The bug report storage database has been revised, the new version of the database stores considerably less data from analyses, and we improved response time by making the database faster. (#709, #756, #764)
• The documentation has been heavily extended to help our users better.

v5.10

The v5.10 version brings Cross--Translation-Unit analysis support to CodeChecker, along with minor bug fixes and usability improvements.

Cross Translation Unit analysis support

CTU is an experimental feature not yet introduced to release versions of Clang which will enable more accurate static analysis via the ability of finding code across the entire project. You can retrieve a version of Clang that is CTU-capable from Ericsson's clang fork.

To support the easy usage of CTU analysis, CodeChecker has been extended to invoke the analyzer in a CTU-compatible way.

CodeChecker analyze now take the argument --ctu which enables the analysis. These arguments are only available if the Clang on the system has CTU analysis capabilities.

Usability improvements

• Instead of severity strings, show a colourful icon indicating the severity of the bug.
• If an analysis fails, the entire source code is compressed with the analyzer output and the build commands into a failure zip archive.

Bugfixes

• Fixed CodeChecker server --stop-all not being usable.
• Fixed CodeChecker server ignoring the --sqlite argument and always using the workspace's ~/.codechecker/codechecker.sqlite as database.
• Fixed analyzer crashes if the source file's name contained spaces.
• Fixed analyzer automatic detection ignoring the order set in the PATH environment variable.

Miscellaneous changes

• Various parts of the documentation has been improved.
• Various minor bug fixes to the command-line output has been applied.

v5.9

Release 5.9 brings new improvements and changes for an easier, more secure use to CodeChecker.

Incompatible command line changes!

Previously, to store analysis results, you needed to provide a database connection. This has been changed for both a more easier and secure usage model, which no longer requires having to know and input database credentials. A CodeChecker server is now needed by CodeChecker store to connect to and store runs in the database it is connected to. Because of this the command-line invocation has changed!, as follows:

• A CodeChecker server needs to be started before analysis results can be stored to the database, i.e. before executing store or check commands.
• Database-related arguments (--dbaddress, --dbport, --dbusername, --dbname, --sqlite, and --postgresql) have been removed from check and store.
• Instead, --host and --port is to be used to specify which CodeChecker server accepts and stores the analysis results.
• Servers which have authentication enabled require a valid session before allowing storage of analysis results. Use CodeChecker cmd login before calling store or check if your server is password protected.
  • If the server is configured for a short time-out period for valid sessions and building your project and analyzing it takes too long, the session on the server can time out before the storage of results can commence. Please use log, analyze and store separately, or configure your server for a longer timeout.

New features

• CodeChecker cmd diff allows diffing a run on a server and a local report folder containing plist files.
  • E.g. CodeChecker cmd diff --basename release --newname ~/my_analyze_output --new will show reports introduced in your local folder without having to store your results to a CodeChecker server.

Improvements

• CodeChecker cmd diff shows the source code line where the bug was found in its output.

Fixes

• Fixed a rare crash that resulted because of special characters in the source files badly decoded by the client.
• Fixed CodeChecker store unable to import any useful information from a report folder that did not contain metadata files alongside the plists.

Miscellaneous

• CodeChecker debug has been removed.

v5.8

The new release comes with many new features and bug fixes/improvements.
For a more detailed list of changes see the v5.8 milestone.

The v5.8 release tag was changed because some bug fixes we wanted to put into 5.8.
Please update the git tags if you use them. Sorry for the inconvenience.

New features

• improved run deletion in the command line (delete multiple runs, before/after a specific date ...)
• automatically detect the installed clang versions on the host machine and select the newest version
• suppression was re enabled on the UI even if no suppress file was given to the viewer server at start
  • new command line option is available to export and import suppress information after an analysis
• viewer server instance handling in the command line (list/stop already started servers)

Command line changes

• the old commands kept for backward compatibility for now (check, server ...)
• all of the command line options were refactored
• new commands are available (see user guide for further details)
  • log (only to generate a compile command json file)
  • analyze (run the analysis (clangsa, clang-tidy) and generate plist reports)
  • parse (parse the generated plist reports and print them to the stdout)
  • store (process the generated plist reports and store them to a database)

GUI improvements

• show version info
• improved report path coloring and visualization

Checker changes

• two clang-tidy checkers were removed from the default enabled list (generating too much reports) #675 users can enable them if needed
  • misc-misplaced-widening-cast
  • misc-throw-by-value-catch-by-reference

v5.7.1

New features

This is a bug fix release no new features were added.

Bugfixes/changes

• Improved GUI bugpath arrows
• Fixed browser refresh errors
• Fixed some plist importer bugs
• Changed authentication using command line
• No longer limiting the number of entries in the command line json output
• ...

See milestone for further details.

v5.7

Notice!

If you checked your project with the same run name multiple times just to update the results you might realized that some of the results were not removed or updated. This release should fix this problem but to work properly you might need to remove all the existing results and reanalyze your project.

New features

• better (cross) compiler handling (compiler built-in defines and includes) with the --add-compiler-defaults flag

Other improvements

• better error reporting
• log messages with timestamps
• source code cleanups and re-factoring

Bugfixes

• checker result cleanup if run is updated
• GUI filtering
  ...

v5.6

New features:

• multiple authentication methods are supported now (PAM, LDAP, ...)
• improved command line client (filtering, csv output)
• improved quickcheck (skip and suppress support)
• view analysis progress

UI improvements:

• load results faster
• show additional build related data

_Many bugfixes, usability improvements and source cleanup._

v5.5

What's new in this release:

• OSX support #315
• Use intercept-build for compilation command logging required for OSX optional on Linux
• Store separately generated plist results into database #322
• Documentation updates
• Bugfixes