Releases: danmar/cppcheck
Releases Β· danmar/cppcheck
Cppcheck-2.12.0
New checks:
- uselessOverride finds overriding functions that either duplicate code from or delegate back to the base class implementation
- knownPointerToBool finds pointer to bool conversions that are always true or false
Improved checking:
- truncLongCastAssignment and truncLongCastReturn check additional types, including float/double/long double
- duplInheritedMember also reports duplicated member functions
- constParameter*/constVariable* checks find more instances of pointers/references that can be const, e.g. when calling library functions
GUI:
- Show in statistics which checkers have been activated in latest analysis
- Make it more visible if there has been critical errors that caused checkers to be skipped
Changed interface:
- Write how many checkers was activated after a run
- Added --checkers-report that can be used to generate a report in a file that shows what checkers was activated and disabled
Deprecations:
- The qmake build system has been deprecated and will be removed in a future version.
- Command-line option '--template ' is deprecated and will be removed in 2.13 - please use '--template=' instead.
- Command-line option '--template-location ' is deprecated and will be removed in 2.13 - please use '--template-location=' instead.
Other:
- "USE_QT6=On" will no longer fallback to Qt5 when Qt6 is not found.
- When the execution of an addon fails with an exitcode it will now result in an 'internalError' instead of being silently ignored.
- "Win32" configurations have been removed from the bundled Visual Studio solution and projects. You might still be able to build 32-bit binaries using CMake but that is untested and unmaintained.
Cppcheck-2.11
New checks:
Improved checking:
- Improve useStlAlgorithm check to handle many more conditions in the loop for any_of, all_of and none_of algorithms
- ValueFlow can evaluate the return value of functions even when conditionals are used
- ValueFlow will now forward the container sizes being returned from a function
- ValueFlow can infer possible values from possible symbolic values
- Improve valueflow after pushing to container
GUI:
- The platform type 'Unspecified' within .cppcheck projects has been deprecated and will be removed in Cppcheck 2.14. Please use 'unspecified' instead.
- Do not replace relative paths with absolute paths in suppressions in the project file dialog
Interface:
- The new option --check-level= has been added that controls how much checking is made by Cppcheck. The default checking level is "normal". If you feel that you can wait longer on results you can use --check-level=exhaustive.
- It is no longer necessary to run "--check-config" to get detailed "missingInclude" and "missingIncludeSystem" messages. They will always be issued in the regular analysis if "missingInclude" is enabled.
- "missingInclude" and "missingIncludeSystem" are reported with "-j" is > 1 and processes are used in the backend (default in non-Windows binaries)
- "missingInclude" and "missingIncludeSystem" will now cause the "--error-exitcode" to be applied
- "--enable=information" will no longer implicitly enable "missingInclude" starting with 2.16. Please enable it explicitly if you require it.
- The
constParameterandconstVariablechecks have been split into 3 different IDs based on if the variable is a pointer, a reference, or local. The different IDs will allow users to suppress different const warning based on variable type.constParameterconstParameterReferenceconstParameterPointerconstVariableconstVariableReferenceconstVariablePointer
- More command-line parameters will now check if the given integer argument is actually valid. Several other internal string-to-integer conversions will now be error checked.
- scanning projects (with -j1) will now defer the analysis of markup files until the whole code was processed
Cppcheck-2.10
Analysis:
- Many improvements and fixes in checkers.
- Windows binaries currently default to the "win32A" and "win64" platform respectively. Starting with Cppcheck 2.13 they will default to 'native' instead. Please specify '--platform=win32A' or '--platform=win64' explicitly if you rely on this.
- New check: use memset/memcpy instead of loop
CLI:
- if the file provided via "--file-list" cannot be opened it will now error out
- add command-line option "--disable=" to individually disable checks
GUI:
- Detect when installed version is old. There is setting in Edit/Preferences to turn this on.
- Fix path issue with backslashes
- Cleanup *.ctu-info files after analysis
Build:
- the deprecated Makefile option SRCDIR is no longer accepted
- added CMake option BUILD_CORE_DLL to build lib as cppcheck-core.dll with Visual Studio
Cppcheck-2.9
Analysis
- restored check for negative allocation (new[]) and negative VLA sizes from cppcheck 1.87 (LCppC backport)
- replaced hardcoded check for pipe() buffer size by library configuration option (LCppC backport)
- on Windows the callstack is now being written to the output specific via "--exception-handling"
- make it possible to disable the various exception handling parts via the CMake options "NO_UNIX_SIGNAL_HANDLING", "NO_UNIX_BACKTRACE_SUPPORT" and "NO_WINDOWS_SEH"
- detect more redundant calls of std::string::c_str(), std::string::substr(), and unnecessary copies of containers
- Add a
matchfunction to addon similiar toToken::Matchused internally by cppcheck:|for either-or tokens(iestruct|classto match eitherstructorclass)!!to negate a token- It supports the
%any%,%assign%,%comp%,%name%,%op%,%or%,%oror%, and%var%keywords - It supports
(*),{*},[*], and<*>to match links @can be added to bind the token to a name**can be used to match until a token
- Add math functions which can be used in library function definition. This enables evaluation of more math functions in ValueFlow
- Further improve lifetime analysis with
thispointers - Propagate condition values from outer function calls
- Add debug intrinsics
debug_valueflowanddebug_valuetypeto show more detail including source backtraces
Cppcheck Premium
GUI: Additional options to configure the Autosar, Cert C and Misra C++ coding standards
Command line: A --premium option that is used to provide premium options
Cppcheck-2.8
- Lifetime analysis can now track lifetime across user-defined constructors when they are inline and using member initializer list.
- SymbolDatabase can now deduce iterator types from how they are specified in the library files.
- ValueFlow can evaluate class member functions that return known values.
- Improve duplicateValueTenary to not warn when used as an lvalue or when one branch has side effects
- Fix variableScope to not warn when variables are used in lambda functions
- Fix unassignedVariable warnings when using structured bindings
- Fix redundantInitialization warning when variable is used in a lambda
- Fix variableScope warnings when using if/while init-statement
- Improve lifetime analysis when returning variadic template expressions
- Detect more statements with constStatement
- Detect variableScope for more types
- Improvements to unreadVariable
- Detect more instances of C style casts
- Warn if the return value of new is discarded
- The pre-ValueFlow uninitialized checker now uses a different ID as legacyUninitvar
- Extended library format to exclude specific function argument values
Cppcheck-2.7
Add support for container views. The view attribute has been added to the <container> library tag to specify the class is a view. The lifetime analysis has been updated to use this new attribute to find dangling lifetime containers.
Various checker improvements.
Fixed false positives.
Cppcheck-2.6
New checks in core cppcheck:
- missing return in function
- writing overlapping data, detect undefined behavior
- compared value is out of possible type range
- [perf] Copy elision optimization can't be applied for
return std::move(local) - file can not be opened for read and write access at the same time on different streams
Various improvements:
- Color output for diagnostics are added for unix-based platforms.
- Added symbolic analysis for ValueFlow. A simple delta is used to compute the difference between two unknown variable.
- Rules using the "define" tokenlist can also match #include as well.
- Library
<function>tags can now use<container>tag, so free functions that accept containers such asstd::size,std::empty,std::begin,std::end, etc. can specify theyieldsoractionfor the container. - Library
<smart-pointer>tag can specify a<unique>tag for smart pointers that have unique ownership. Cppcheck now warns about dangling references to smart pointers with unique ownership. - Fixed problems when --cppcheck-build-dir is used, that should now work better. It is recommended to use --cppcheck-build-dir to speedup Cppcheck analysis.
- htmlreport can now output author information (using git blame)
- More warnings about variables that is not const but can be const
Misra C 2012 compliance has been "completed"
All Misra C 2012 rules have been implemented except 1.1 , 1.2 and 17.3. Including the rules in amendment 1 and amendment 2.
The rules 1.1 and 1.2 must be checked with a compiler.
The rule 17.3 can be checked by a compiler, for instance GCC.
Cppcheck-2.5
Parser:
- various fixes
- checked that all features in c++11, c++14, c++17 are supported
- c++20 support is improved but not complete yet
Core:
- improved library files, better knowledge about APIs
- improved checks to detect more bugs
- fixed checks to avoid unwanted warnings
Changed output:
- try to use relative paths when using compile databases, if compile database is accessed with relative path
- updated XML; The file0 attribute is moved from to
Misra:
- fixed crashes and false positives
New checks:
- suspicious container/iterator assignment in condition
- rethrow without current handled exception
Cppcheck-2.4.1
Fixed windows installer, a file needed by the Misra addon was missing.
Cppcheck-2.4
Fixed false negatives and false positives
New check; Detect one definition rule violations
Various improvements:
- MISRA improvements
- ImportProject fixes
- Various bug hunting improvements
- Fixes when importing AST from clang