Releases: Ericsson/codechecker

v6.7.0

16 May 14:08
9c4f1c5

Report counting

Report counting was reviewed to give a consistent view in the
command line and in the web UI. The default views (without uniqueing)
show the reports as they were found by the analyzers.

Support Clang v6

  • Some of the Clang6 checker severity levels were not classified #1568 #1557
  • Upgrade the checker profiles for Clang6 #1538

CTU on-the-fly

CTU can still work by dumping the AST to the disk. The on-the-fly option
managed the ASTs in memory.

  • Removing on-the-fly CTU functionality as it is not supported by Clang6 #1552

Checker renaming in Clang-tidy v6

  • Support for Clang-tidy 6 renamed checkers #1548
misc-assert-side-effect -> bugprone-assert-side-effect
misc-argument-comment -> bugprone-argument-comment
misc-bool-pointer-implicit-conversion -> bugprone-bool-pointer-implicit-conversion
misc-dangling-handle -> bugprone-dangling-handle
misc-fold-init-type -> bugprone-fold-init-type
misc-forward-declaration-namespace -> bugprone-forward-declaration-namespace
misc-inaccurate-erase -> bugprone-inaccurate-erase
misc-move-forwarding-reference -> bugprone-move-forwarding-reference
misc-multiple-statement-macro -> bugprone-multiple-statement-macro
misc-string-constructor -> bugprone-string-constructor
misc-use-after-move -> bugprone-use-after-move
misc-implicit-cast-in-loop -> performance-implicit-conversion-in-loop
misc-inefficient-algorithm -> performance-inefficient-algorithm
misc-move-const-arg -> performance-move-const-arg
misc-move-constructor-init -> performance-move-constructor-init
misc-noexcept-move-constructor -> performance-noexcept-move-constructor
readability-implicit-bool-cast -> readability-implicit-bool-conversion

New features/improvements

  • Component filters #846
  • It should be possible to diff two different tagged versions of the same run #1346
  • Generate index.html file by using PlistToHTML #1558
  • Review status C style comment format #1551
  • Skip duplicate reports when generating HTML output #1556
  • Enable passwordless token based authentication #1462
  • Getting the run results by providing the version tag #1496
  • Create separate filter options for cmd line #1497
  • Give better message when source files are missing #1537
  • Allow more product endpoint names to be valid #1530
  • LDAP hardening and tests #1305
  • List out version tag in command line #1485
  • List out latest version tag at runs command #1486
  • Show full file path in CodeChecker parse output #1559
  • Handle more gcc/g++ arguments #1550
  • Command line header deduplication #1512
  • Improved relative path handling in the compile json #1553
  • Extend build command escaping in the logger #1506
  • Add -analyzer-config notes-as-events=true to the clang flags which will convert notes to events #1518
  • Skip compiler dependency generation actions from analysis #1488
  • bugprone-misplaced-operator-in-strlen-in-alloc checker added to severity map #1560
  • Adding static HTML output generation to the HOWTO. #1588

UI

  • Checks if no username supplied at login #1571
  • Show admins for each product #1474
  • Show bug path length for a report in bug report selection (left-hand, dropdown) #1505
  • Add check command to run history #1454
  • Extend html report information with checker name and severity #1546
  • Create tooltips for report table columns #1582
  • Detection status viewing and filtering together with uniqueing #1337
  • Show tooltip by hovering on unique checkbox label #1576
  • New column id in index.html at plistToHtml parser #1579
  • Unified report filter #1444 #1510
  • Highlight occurrences of the selected text #1516
  • Clickable 'Entered call from' #508
  • Bug tooltip "Review status" should say what the icon means #1549
  • New detection date filter values #1437
  • New report count and uniqueing style on the UI #1586

Changes

  • Using NullPool for database connections #1584
  • Disable detection status if uniqueing is enabled #1513
  • Fix documentation #1583
  • Refactor list of products page #1489
  • Change analysis statistics total message #1499

Bug fixes

  • Skip reports at store #1566 #1575
  • Click on run history jumps to wrong tab #1392
  • Use file path from main section at plist-to-html #1573
  • Initialize run filters with the correct values #1577 #1580
  • Set default filter values on run history click #1574
  • Fix filtering based on detection dates #1569 #1567
  • Fix UI filter tooltip toggling items #1561
  • Command line diff does not do deduplication #1465
  • Allow html output only for diff and results at cmd #1515
  • Inline //codechecker_suppress comment is ineffective in static html output #1423
  • Apply ignore first, and ignore -flto flag. #1524
  • Fix non existing filter member #1540
  • Diff mode run history #1481
  • Change server startup timing for the tests #1535
  • "unsupported operand type(s)" when using a skipfile #1529
  • Ranges associated with issues are not highlighted #1514
  • Fix UI file path filter for run results #1521
  • In-line suppression is not considered by the parse command #1484
  • Do not highlight last bug path message if not absolutely last #1395
  • Do not use globals at bug filter view #1494
  • Fix review status comment typo handling #1547

Other

  • Bump up version to 6.7.0 #1498
  • Update readme with animation gif demo #1544
  • Split up analyze and parse tests #1406

v6.6.0

23 Mar 10:17
d507de8

New features/Improvements

  • Support for Statistical Checkers (Experimental feature) #805
  • Multiple source code suppression comment format #1429
  • Handle more compiler flags unknown to clang #1431
  • Load run history asynchronously on the WebGUI #1472
  • Improve performance of bug path draw #1435
  • Extend product listing page with new fields #1364
  • Trim leading path from stored file paths #1411
  • Introduce a per product configurable run limit #1410
  • Improve user session handling at the server #1458
  • Improve api mismatch errors #1456
  • Product admins are able to nominate other users as product admins #1373
  • Rename file filter on the WebGUI #1438
  • Refactoring report filter UI #1401
  • Move thrift client call wrapper to a separate module #1448
  • User permission save error log improvement #1397
  • Adding report counting description to the howto #1476
  • Exclude build actions which would compile a header file #1480
  • Fine tune statistics collectors ratio interval #1479
  • Skip linking action from compilation_database #1436

Changes

  • Remove BufferOverlap checker from the sensitive profile #1477

Bug fixes

  • CodeChecker check -o -c (clean switch) was ineffective #1421
  • Filter cmd line checker statistics #1416
  • Use consistent run name filter at cmd line #1417
  • Fix server product list mismatch in multi server #1471
  • Check command popup stick to right on the WebGUI #1393
  • If the run filter is cleaned it did not list the reports from all of the runs #1409
  • Checker name filter is not selected by clicking on a checker name in the statistics view #1347
  • In diff mode bug viewer cannot be opened #1466
  • Reset diff type filter items on change #1473
  • Build action map is created twice for pre analysis phase #1420
  • Fix thrift call wrapper host, port #1467
  • Fix errors found by pylint #1447
  • Fix diff type filter label #1439
  • Fix dependency gen problem in xerces #1419
  • Handle thrift error with fail callback on the WebGUI #1407
  • Server startup can be slow due to long dangling file garbage collection #1261
  • Support old suppress comment format files #1478

v6.5.1

23 Feb 10:17
fd2df38

Changes

  • Apply bug event and point to report id index #1377
  • Improve run deletion (session/synchronize) #1374
  • Set sqlalchemy pool size #1391
  • Sanity check for result storage and file content change #1320
  • At least one report directory should be mandatory for parse command #1343
  • Improve storage (severity handling) #1375
  • Order reports in the file view left hand pane by line #1358
  • Review status reason dialog should accept ENTER as submit if nothing is entered into textarea #1354
  • Update to Codemirror v5.25.0 #1355
  • Update to Jsplumb v2.2.0 #1380
  • Remove Google fonts #1381
  • Print the log level name by default #1370

Bug fixes

  • Clicking on a report in unique mode in bug overview does not show the selected report #1365
  • Fix browser compatibility #1356
  • Suppress file import fails #1388
  • Pressing ESC in the review status reason window bolds the wrong status #1357
  • Regex printed weird into file filter selector but works right #1352
  • fix import in profiler and change output format #1376

v6.5

07 Feb 15:29
7370d62

New features/Improvements

Web UI

  • Add regex based file filter in "all reports" tab and enable "select all files matching regex" #1162
  • Enable multiple selections of run name regex filters in all reports #1165
  • Remove review comment column from the bug list #1302

Command line

  • Extend command line filters with detection and review status #1312
  • Validate filter values in the command line #1345
  • Add total section for command line summary #1328
  • Support regex expressions for the run names in the command line #1322

Analyzers

  • Reanalyze without ctu on ctu failure (new command line argument --ctu-reanalyze-on-failure) #1297
  • Handle more Clang 5.0 unknown argument errors #1294
  • Use arch of the analyzer machine instead of the original one. #1308
  • Add a watcher to kill stuck jobs if analysis takes too much time (new argument --timeout) #1168

Server

  • Share user sessions through the database #1172
  • Prevent concurrent storage of the same run name from multiple shared servers #1138
  • Introduce storage limitations (run count) #1187
  • Do not limit run count for the server by default #1315

Documentation

  • User guide for using CodeChecker with BitBake #1329
  • Improvements to false positive guide. #1292
  • Fix the daily analysis integration template script always saying there are new bugs #1299

Changes

  • Improved logging #1048
  • Refactor plist to plaintext formatting (parse) #1334
  • Explicitly show version information in the build script output #1300
  • Add better diagnostics for ctu tests in case of failure #1298
  • Remove critical log from massStoreRun #1339
  • Remove soft session lifetime completely #1344

Bugfixes

  • Fix clicking on a uniqued bug #1330
  • Fix product editing #1310
  • Fix python-ldap not throwing exception on anonymous binds when it should #1296
  • Fix log format #1341
  • Remove the default log level #1338
  • Handle non existing session config file #1318
  • Fix logger initialization #1316
  • Fix typo of argument name resulting in name error #1317
  • Fix setup logger for command line #1314
  • Fix ctu_failure test not removing its test folder #1303
  • Disable plist update on plist parsing unit tests #1293
  • Remove run history by removing a run #1332
  • In diff view the bug path tree is not shown when viewing a report #1275
  • The current working directory may not exist. (debug tools) #1309

v6.4

11 Jan 14:05
32ea3cf

New features

  • Show bug path length column in Bug overview GUI #1209

Fixes

WebServer/GUI

  • Bug steps disappear when switching arrows on/off #1243
  • Highlight the actual bug step #1244
  • Fix shown reports in run history view #1264
  • Remove outdated bug paths from run results if the bug remains in run #1155
  • Fix run history tag count query #1283

Analysis

  • -idirafter gcc argument is not forwarded to clang analyzer #1267
  • Fix analysis performance degradation on 2.6.32 and older kernels. Use manager to share data between processes #1276
  • -Werror flag is removed from clang sa/clang tidy invocation #1279
  • alpha.cplusplus.IteratorRange was removed from all checker profiles as the checker is unstable #1255

Command line client

  • cmd diff -o html does not work if -n is a report directory #1277
  • Use the proper environment for db operations otherwise db upgrade may fail #1251
  • Fix get diff hashes for new bugs #1259
  • Fix of diff command failure in case of sqlite database and large queries #1281

Improvements

  • Add session related comments to massStoreRun #1263

v6.3

11 Dec 19:42
44c2a77

New

  • Include paths from environment variables in analysis phase #1184
  • --include flags shouldn't be skipped during analysis #1237
  • In anonymous mode allow superuser permission #1137
  • Understand HTTPS product and server URLs without a port specified as 443 #1146
  • Showing severity report count at the statistics page #1104
  • Enable copy-paste for links #1164
  • How to handle false positives HOWTO #1185
  • Feature comparison of cmd and webgui #1197
  • Performance/stress tests #808
  • Command line diff performance improvements #956
  • Show unique bug count in the run list page (instead of non unique) #1202
  • Schema migration support of product databases #351
  • Mount the same configuration database to multiple servers #876

Changes

  • New report storage method: store every single bug report even if hash clashes, remove outdated resolved paths at run update #1213
  • Put full date in log messages not only the time #1214
  • Improve comments for the LDAP authentication #1217
  • Rename some column labels #1200
  • Use absolute path in logger #1097
  • Upgrade SQLAlchemy to 1.1.11 #1107
  • Improve performance of report filters #1038
  • Do not reparse unchanged files to get suppression to improve performance #1231
  • Don't log as error if multiple source and triple is present in the log file #1230
  • Update plist file with report hash #1239
  • File cleanup refactoring #1131

Bug fix

  • Fix run storage error (AddFileRecord return value) #1215
  • Update line and column fields of report #1106
  • Mismatch between filter result count and number of listed reports #1093
  • Wrong handling of builtin includes during CTU collect phase #1143
  • --enable-all with other options doesn't run most of the clang-tidy checkers #1148
  • Server should not start in case of incorrectly formatted json file #1149
  • Exception is thrown if product name is not specified #1174
  • Exception is thrown while parsing compilation json #1180
  • After a run is deleted the counter is not updated #1152
  • Bug tree shows issues from all runs even if one run selected #1117
  • Remove gcc intrinsic and include-fixed include directories from analysis #1183
  • Ordering by File when Unique reports are enabled doesn't give an alphabetical order #1198
  • Handle more plist parsing errors #1225
  • Remove linecache usage #1227
  • Review status false positive is not set #1223
  • Failure zip does not contain all dependent headers (CTU) #1159
  • Make sure that file is closed if plist parsing fails #1216
  • Don't attempt to add the same file multiple times to the ZIP #1234
  • Generate report hash fix #1235
  • Fix server general exception #1242
  • Do not store same bug from plist files #1247

v6.2.1

27 Nov 17:50
1748079

Bug fixes

  • Web GUI filters for Checker name now show the full list of checkers, not just the first 10. (#1156)
  • --enable-all given to check was not passed through to analyze. (#1163)
  • Fixed a bug at compiler target detection (#1180)
  • Fixed a connection handling issue to LDAP authentication backends. (#1139)
  • Fix CodeChecker making Clang-SA/Tidy use system GCC headers instead of the Clang's ones. (#1144, #1173)

Enhancements

  • URLs in the command-line specifying http:// or https:// should use port 80 and 443 respectively, if an explicit port is not given. (#1146, #1150, #1175)
  • CodeChecker server will now refuse to start if the session_config.json file is malformed. (#1151)
  • Comparing a local result folder to a run stored on the server has received a massive performance improvement. (#1169)

Miscellaneous

  • Added scripts to aid the debugging of failed analyses. (#1113)
  • Upgraded SQLAlchemy to a newer version. (#1142)

v6.2

15 Nov 17:54
b5ef68f

New features

  • Local Compare mode (CodeChecker cmd diff) can generate HTML files with bug path #748
  • Show number of runs on the list of runs view #1079
  • Show the granted permissions for the currently logged in user on the GUI #875

Enhancements

  • Introduce better (debug) logging for CTU analysis #886, #1069, #1100, #1050
  • Group reports only by bug hash when uniqueing #1121
  • Make sure query strings and filters cannot be used for SQL attacks #902
  • Report storage session improvements for large amount of reports #1072
  • Add icons for tabs #1086
  • Development environment improvements #1105
  • Logging improvements #1119

Bug fixes

  • clang-tidy hash was incorrectly generated in some cases which caused some false new reports shown in diff view #1114
  • Fix analysis failure if multiple cross-compilers were used (compilation target is registered per build action) #1099
  • Relative paths in compilation database were not properly handled at analysis which caused some analysis failures #1116
  • Performance improvement of unresponsive server (when the results contained thousands of files) #1053
  • Show the supported browser version #1084
  • Bad function parameter call at statistics #1103
  • Product page error in Firefox #1101
  • Fix a typo in the doc for psql commands #1108
  • Bug report was not opened correctly when opened from the All Reports view #1118

Changes

  • Remove cppcoreguidelines-pro-type-vararg from the sensitive profile #1080

    Two checkers are conflicting and causing the analyzer to hang. Until the checkers are fixed,
    we removed the checker from the sensitive profile so it will not be enabled implicitly.

v6.1.1

27 Oct 15:04

Bug fixes

  • Clang-tidy result parsing error which caused increasing memory consumption #1064
  • UI fix: in the bug overview the result count and the number of shown bugs differ #533
  • UI fix: bug path was not shown in some cases #1033
  • CodeChecker analyze does not show analysis errors when it only re-analyzes files #1043
    If there was no explicit report output directory the default report directory was not cleaned up between two analysis runs, which could cause misleading results from the parse command.
  • Storage should be stopped immediately if a storage is already ongoing with the same name #1013
  • --verbose debug_analyzer did not print the analysis calls #999

Improvements

  • report filter query performance improvements #1052
  • Limit the uploadable data size to the server #840
  • improve command line client coding convention #1070
  • documentation updates with CI loop script examples #994
  • test infrastructure updates #1055

Changes!

  • severity level of misc-string-compare checker was changed from HIGH to LOW #1058

v6.1

13 Oct 16:26

New features, improvements:

  • HTML report file generation support for CodeChecker parse command. These HTML files contain the full control-flow path of the detected bugs. They can be viewed off-line without accessing the CodeChecker server or sent in an email. #1034
  • CodeChecker cmd diff can be called for multiple runs. That is, your results in the report directory can be compared against multiple runs using wildcards. #978
  • Checker profiles. Checker pre-selection profiles were introduced to help in the selection of checkers. Three new profiles were introduced in increasing order of sensitivity (and false positive rate): default, sensitive, extreme. #907
  • Clang will not warn about unused compiler arguments #985
  • Print clang generated report hash at the command line parse with the steps together #1009

Analyzer invocation

  • Better detection of gcc/g++ cross compilation parameters. --saargs and --tidyargs parameters should not be used for cross-compilation anymore. #995
  • Include directory detection for clang-tidy #993

Documentation changes:

  • New user guide accessible at the server #737
  • Improved PostgreSQL database setup documentation #1001

Bug fixes:

Web UI:

  • Report steps were not shown on the UI #986 and #988
  • Statistics view did not show the results #950
  • Statistics view should not collect run names in the drop down #979
  • Product listing did not work properly in Firefox #912
  • Runs without reports were not rendered correctly #1002
  • Run history tab switch did not work properly #1017
  • If there were many runs the loading of the run list was slow #1019

Command line:

  • Storage failed with sqlite db backend if there were many results. #1005
  • CodeChecker cmd sum command error #1004
  • CodeChecker cmd sum report uniqueing #1025
  • CodeChecker cmd sum get statistics only for the specified run names #1026
  • CodeChecker check command did not work properly when it was called without output directory #992