The Ericsson CodeChecker team will present their work on the CodeChecker frontend to Clang/LLVM-based checkers and industrial experiences. Speaker: Márton Gábor

Link to the tool: https://github.com/Ericsson/codechecker

CodeChecker project was created to replace commercial static analyzer tools to open source ones for C/C++ language. Clang analyzers were chosen as the analysis engine. One important missing analysis feature from the Clang Static Analyzer was Cross-translation unit analysis (whole-program analysis).

Solution alternatives were provided:

• Naïve inlining - upstreamed
• Summary based analysis – work in progress

Missing checkers – Focus on SEI Cert Secure coding checkers

• C++ container handling (invalidated iterator, accessing emelemnts out of container bounds)
• Invalid memory accesses (padding problems, over/under-indexing arrays), modeling of memcpy functions
• Taint analysis feature is incomplete
• Missing statistical checkers – if the return value of a function call is handled at 90% of the cases, it is an error not to handle it
• Improve analyzer messages – sometimes it is difficult to understand the error report

Remarks on deployment of Static Analysis tools

• Developers/CI Team want simple analysis execution/integration to their build system
• Many users use gcc/g++, compiler call/code is not always compatible with clang
• Cross–compiled gcc projects are the most difficult to analyze

Developers expect good analysis quality

• They want the analysis to be integrated into the code review loop – to prevent new faults to be introduced – CI integration
• The analysis should be fast enough in the review loop – incremental analysis can speed up things
• Low false positive rate
• Self explaining error reports
• Possibility to suppress false positives

Quality managers expect dashboard like views

• Good overview of errors per error type, severity (central web service)
• Location of the errors per module
• Follow up trends of new/fixed errors per (software release/commit)