Static Code Analysis with CodeChecker
Gabor Horvath, Reka Kovacs, Richard Szalay, Zoltan Porkolab, Gyorgy Orban, Daniel Krupp
TL;DR
The paper surveys static analysis for C/C++ within the CodeChecker ecosystem, focusing on integrating Clang Static Analyzer and Clang-Tidy into build and CI workflows. It connects theory and practice by explaining the LLVM-based infrastructure, the fundamental limits of static analysis, and mechanisms to manage false positives. It presents CodeChecker as a scalable platform for aggregating results, enabling incremental updates, suppression of known false positives, and web-based defect management across large codebases. The work demonstrates a practical pathway to reduce maintenance costs and improve developer productivity by combining static analysis with tooling that supports real-world software engineering processes.
Abstract
CodeChecker is an open source project that integrates different static analysis tools such as the Clang Static Analyzer and Clang-Tidy into the build systems, continuous integration loops, and development workflows of C++ programmers. It has a powerful issue management system to make it easier to evaluate the reports of the static analysis tools. This document was handed out as supportive material for a code analysis lecture at the 2018 3COWS conference in Kosice, Slovakia.
