diff --git a/docs/README.md b/docs/README.md index 9131871db6..539092b6c0 100644 --- a/docs/README.md +++ b/docs/README.md @@ -193,7 +193,7 @@ For details see Useful tools that can also be used outside CodeChecker. * [Build Logger (to generate JSON Compilation Database from your builds)](/analyzer/tools/build-logger/README.md) -* [Plist to HTML converter (to generate HTML files from the given plist files)](/docs/tools/report-converter.md#plist-to-html-tool) +* [Plist/Sarif to HTML converter (to generate HTML files from the given plist or sarif files)](/docs/tools/report-converter.md#plist-to-html-tool) * [Report Converter Tool (to convert analysis results from other analyzers to the codechecker report directory format))](/docs/tools/report-converter.md) * [Translation Unit Collector (to collect source files of a translation unit or to get source files which depend on the given header files)](/docs/tools/tu_collector.md) * [Report Hash generator (to generate unique hash identifiers for reports)](/docs/tools/report-converter.md#report-hash-generation-module) diff --git a/docs/supported_code_analyzers.md b/docs/supported_code_analyzers.md index e754cb965e..3dfc4a4b2d 100644 --- a/docs/supported_code_analyzers.md +++ b/docs/supported_code_analyzers.md @@ -21,6 +21,7 @@ CodeChecker result directory which can be stored to a CodeChecker server. | | [Kernel-Doc](/docs/tools/report-converter.md#kernel-doc) | ✓ | | | [Sparse](/docs/tools/report-converter.md#sparse) | ✓ | | | [cpplint](/docs/tools/report-converter.md#cpplint) | ✓ | +| | [GNU GCC Static Analyzer](/docs/tools/report-converter.md#gcc) | ✓ | | **C#** | [Roslynator.DotNet.Cli](/docs/tools/report-converter.md#roslynatordotnetcli) | ✓ | | **Java** | [FindBugs](http://findbugs.sourceforge.net/) | ✗ | | | [SpotBugs](/docs/tools/report-converter.md#spotbugs) | ✓ | diff --git a/docs/tools/report-converter.md b/docs/tools/report-converter.md index 69c71b681a..adf3758880 100644 --- a/docs/tools/report-converter.md +++ b/docs/tools/report-converter.md @@ -14,6 +14,7 @@ a CodeChecker server. * [Thread Sanitizer](#thread-sanitizer) * [Leak Sanitizer](#leak-sanitizer) * [Cppcheck](#cppcheck) + * [GNU GCC Static Analyzer](#gcc) * [Spotbugs](#spotbugs) * [Facebook Infer](#facebook-infer) * [ESLint](#eslint) @@ -29,7 +30,7 @@ a CodeChecker server. * [Sparse](#sparse) * [cpplint](#cpplint) * [Roslynator.DotNet.Cli](#roslynatordotnetcli) -* [Plist to html tool](#plist-to-html-tool) +* [Plist/Sarif to html tool](#plist-to-html-tool) * [Usage](#usage-1) * [Report hash generation module](#report-hash-generation-module) * [Generate path sensitive report hash](#generate-path-sensitive-report-hash) @@ -53,33 +54,37 @@ make package $ report-converter --help (click to expand) ``` -usage: report-converter [-h] -o OUTPUT_DIR -t TYPE [--meta [META [META ...]]] - [--filename FILENAME] [-c] [-v] - file +usage: report-converter [-h] -o OUTPUT_DIR -t TYPE [-e EXPORT] + [--meta [META ...]] [--filename FILENAME] [-c] [-v] + input [input ...] Creates a CodeChecker report directory from the given code analyzer output which can be stored to a CodeChecker web server. positional arguments: - file Code analyzer output result file which will be parsed - and used to generate a CodeChecker report directory. + input Code analyzer output result files or directories which + will be parsed and used to generate a CodeChecker + report directory. -optional arguments: +options: -h, --help show this help message and exit -o OUTPUT_DIR, --output OUTPUT_DIR This directory will be used to generate CodeChecker report directory files. -t TYPE, --type TYPE Specify the format of the code analyzer output. - Currently supported output types are: asan, clang- - tidy, coccinelle, cppcheck, cpplint, eslint, - fbinfer, golint, kernel-doc, lsan, mdl, msan, - pyflakes, pylint, roslynator, smatch, sparse, sphinx, spotbugs, - tsan, tslint, ubsan. - --meta [META [META ...]] - Metadata information which will be stored alongside - the run when the created report directory will be - stored to a running CodeChecker server. It has the - following format: key=value. Valid key values are: + Currently supported output types are: asan, clang-tidy, + coccinelle, cppcheck, cpplint, eslint, fbinfer, gcc, + golint, kernel-doc, lsan, mdl, msan, pyflakes, pylint, + roslynator, smatch, sparse, sphinx, spotbugs, tsan, + tslint, ubsan. + -e EXPORT, --export EXPORT + Specify the export format of the converted reports. + Currently supported export types are: .plist, .sarif. + (default: plist) + --meta [META ...] Metadata information which will be stored alongside the + run when the created report directory will be stored to + a running CodeChecker server. It has the following + format: key=value. Valid key values are: analyzer_command, analyzer_version. (default: None) --filename FILENAME This option can be used to override the default plist file name output of this tool. This tool can produce @@ -106,6 +111,7 @@ Supported analyzers: cpplint - cpplint, https://github.com/cpplint/cpplint eslint - ESLint, https://eslint.org/ fbinfer - Facebook Infer, https://fbinfer.com + gcc - GNU Compiler Collection Static Analyzer, https://gcc.gnu.org/wiki/StaticAnalyzer golint - Golint, https://github.com/golang/lint kernel-doc - Kernel-Doc, https://github.com/torvalds/linux/blob/master/scripts/kernel-doc lsan - LeakSanitizer, https://clang.llvm.org/docs/LeakSanitizer.html @@ -254,6 +260,34 @@ CppCheck: `analysis statistics`, `analysis duration`, `cppcheck command` etc. For more information about logging checkout the log section in the [user guide](/docs/usage.md). +### [GNU GCC Static Analyzer](https://gcc.gnu.org/wiki/StaticAnalyzer) + +This project introduces a static analysis pass for GCC that can diagnose +various kinds of problems in C/C++ code at compile-time (e.g. double-free, +use-after-free, etc). + +The analyzer runs as an IPA pass on the gimple SSA representation. It +associates state machines with data, with transitions at certain statements +and edges. It finds "interesting" interprocedural paths through the user's +code, in which bogus state transitions happen. + +GCC 13.0.0 and later versions support the output in sarif formats, which +report-converter can parse. Earlier versions only supported a json output, +which report-converter doesn't support. + +You can enable the GNU GCC Static Analyzer and the sarif output with the +following flags: +```sh +# Complie and analyze my_file.cpp. +g++ -fanalyzer -fdiagnostics-format=sarif-file my_file.cpp + +# GCC created a new file, my_file.cpp.sarif. +report-converter -t gcc -o my_file.cpp.sarif ./gcc_reports + +# Store the Cppcheck reports with CodeChecker. +CodeChecker store ./codechecker_cppcheck_reports -n cppcheck +``` + ### [Spotbugs](https://spotbugs.github.io/) [Spotbugs](https://spotbugs.github.io/) is a static analysis tool for `Java` code. @@ -618,7 +652,7 @@ report-converter -t roslynator -o ./codechecker_roslynator_reports ./sample.xml CodeChecker store ./codechecker_roslynator_reports -n roslynator ``` -## Plist to html tool +## Plist/Sarif to html tool `plist-to-html` is a python tool which parses and creates HTML files from one or more `.plist` result files.