[cfe-dev] codechecker into clang/LLVM?
Anna Zaks via cfe-dev
cfe-dev at lists.llvm.org
Tue Nov 10 10:20:13 PST 2015
Hi Daniel,
Sorry for taking so long to reply!
The clang static analyzer is definitely missing a bug tracking system and I believe this project has a good potential to fill that need. Here are a couple of concerns that immediately jump into mind:
- What would it take for this to replace scan-build? Can scan-build be used instead of the interposition module you use? For example, can we control the build interposition method by some option and the bug tracking would be an add-on on top of that? I suspect that your solution does not work on all platforms that scan-build currently supports (Mac and Windows come to mind). That is the main concern here. There are also projects that might not build with the type of interposition you use. I am not sure if you are aware of the scan-build rewrite (in Python) effort, where all these issues were raised as well.
- Is licensing compatible? The llvm codebase tries to stay clear of any dependencies on GPL or LGPL licenses because there are companies who are involved with the project and cannot use software tainted with those licenses.
- The list of dependencies is large, which is a concern if this was to replace scan-build.
Anna.
> On Oct 22, 2015, at 7:14 AM, Dániel Krupp via cfe-dev <cfe-dev at lists.llvm.org> wrote:
>
> Hello All,
>
> Scan-build, the current bug viewer Clang Static Analyzer front-end tool has some scalability issues and limitations.
> For example, scan-build creates static HTML reports, storing whole source files as many times as they are included in a report.
> Incremental bug reporting (show only new bugs compared to a baseline) and false positive suppression is not supported either.
>
> To address these issues, back in July we published CodeChecker on GitHub ( https://github.com/Ericsson/codechecker <https://github.com/Ericsson/codechecker> ),
> a new defect storage and management infrastructure for Clang Static Analyzer (written in python). We also gave a talk about this in Euro LLVM 2015 (http://llvm.org/devmtg/2015-04/ <http://llvm.org/devmtg/2015-04/>).
>
> The most important features are the following:
> - scalable dynamic web based defect viewer (instead of static html)
> - a new command line tool for analyzing projects which is usable in CI scripts
> - a PostgreSQL based defect storage & management
> - incremental bug reporting (show only new bugs compared to a baseline)
> - suppression of false positives
> - better integration with build systems (through the LD_PRELOAD mechanism)
> - Apache Thrift API based server-client model for storing bugs and viewing results.
> - It is possible to connect multiple bug viewers. Currently a web-based viewer and a command line viewer are provided.
>
> Since its publication we have fixed many errors, addressed user-feedbacks and now I think it is mature enough.
>
>
> We could release the tool under LLVM license.
>
> If you agree, this tool could be part of the llvm/clang source tree, possibly besides scan-build (or a separate llvm repository?).
> I am not sure about the official process.
> Can anyone help with this?
>
> Regards,
> Daniel
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org <mailto:cfe-dev at lists.llvm.org>
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev <http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20151110/c9b60503/attachment.html>
More information about the cfe-dev
mailing list