Cppcheck-2.9

Analysis

• restored check for negative allocation (new[]) and negative VLA sizes from cppcheck 1.87 (LCppC backport)
• replaced hardcoded check for pipe() buffer size by library configuration option (LCppC backport)
• on Windows the callstack is now being written to the output specific via "--exception-handling"
• make it possible to disable the various exception handling parts via the CMake options "NO_UNIX_SIGNAL_HANDLING", "NO_UNIX_BACKTRACE_SUPPORT" and "NO_WINDOWS_SEH"
• detect more redundant calls of std::string::c_str(), std::string::substr(), and unnecessary copies of containers
• Add a match function to addon similiar to Token::Match used internally by cppcheck:
  • | for either-or tokens(ie struct|class to match either struct or class)
  • !! to negate a token
  • It supports the %any%, %assign%, %comp%, %name%, %op%, %or%, %oror%, and %var% keywords
  • It supports (*), {*}, [*], and <*> to match links
  • @ can be added to bind the token to a name
  • ** can be used to match until a token
• Add math functions which can be used in library function definition. This enables evaluation of more math functions in ValueFlow
• Further improve lifetime analysis with this pointers
• Propagate condition values from outer function calls
• Add debug intrinsics debug_valueflow and debug_valuetype to show more detail including source backtraces

Cppcheck Premium

GUI: Additional options to configure the Autosar, Cert C and Misra C++ coding standards
Command line: A --premium option that is used to provide premium options

Cppcheck-2.8

• Lifetime analysis can now track lifetime across user-defined constructors when they are inline and using member initializer list.
• SymbolDatabase can now deduce iterator types from how they are specified in the library files.
• ValueFlow can evaluate class member functions that return known values.
• Improve duplicateValueTenary to not warn when used as an lvalue or when one branch has side effects
• Fix variableScope to not warn when variables are used in lambda functions
• Fix unassignedVariable warnings when using structured bindings
• Fix redundantInitialization warning when variable is used in a lambda
• Fix variableScope warnings when using if/while init-statement
• Improve lifetime analysis when returning variadic template expressions
• Detect more statements with constStatement
• Detect variableScope for more types
• Improvements to unreadVariable
• Detect more instances of C style casts
• Warn if the return value of new is discarded
• The pre-ValueFlow uninitialized checker now uses a different ID as legacyUninitvar
• Extended library format to exclude specific function argument values

Cppcheck-2.7

Add support for container views. The view attribute has been added to the <container> library tag to specify the class is a view. The lifetime analysis has been updated to use this new attribute to find dangling lifetime containers.

Various checker improvements.

Fixed false positives.

Cppcheck-2.6

New checks in core cppcheck:

• missing return in function
• writing overlapping data, detect undefined behavior
• compared value is out of possible type range
• [perf] Copy elision optimization can't be applied for return std::move(local)
• file can not be opened for read and write access at the same time on different streams

Various improvements:

• Color output for diagnostics are added for unix-based platforms.
• Added symbolic analysis for ValueFlow. A simple delta is used to compute the difference between two unknown variable.
• Rules using the "define" tokenlist can also match #include as well.
• Library <function> tags can now use <container> tag, so free functions that accept containers such as std::size, std::empty, std::begin, std::end, etc. can specify the yields or action for the container.
• Library <smart-pointer> tag can specify a <unique> tag for smart pointers that have unique ownership. Cppcheck now warns about dangling references to smart pointers with unique ownership.
• Fixed problems when --cppcheck-build-dir is used, that should now work better. It is recommended to use --cppcheck-build-dir to speedup Cppcheck analysis.
• htmlreport can now output author information (using git blame)
• More warnings about variables that is not const but can be const

Misra C 2012 compliance has been "completed"
All Misra C 2012 rules have been implemented except 1.1 , 1.2 and 17.3. Including the rules in amendment 1 and amendment 2.
The rules 1.1 and 1.2 must be checked with a compiler.
The rule 17.3 can be checked by a compiler, for instance GCC.

Cppcheck-2.5

Parser:

• various fixes
• checked that all features in c++11, c++14, c++17 are supported
• c++20 support is improved but not complete yet

Core:

• improved library files, better knowledge about APIs
• improved checks to detect more bugs
• fixed checks to avoid unwanted warnings

Changed output:

• try to use relative paths when using compile databases, if compile database is accessed with relative path
• updated XML; The file0 attribute is moved from to

Misra:

• fixed crashes and false positives

New checks:

• suspicious container/iterator assignment in condition
• rethrow without current handled exception

Cppcheck-2.4.1

Fixed windows installer, a file needed by the Misra addon was missing.

Cppcheck-2.4

Fixed false negatives and false positives

New check; Detect one definition rule violations

Various improvements:

• MISRA improvements
• ImportProject fixes
• Various bug hunting improvements
• Fixes when importing AST from clang

Cppcheck-2.3

Improved C++ parser:

• types
• wrong operands in ast
• better simplification of templates

Improved clang import, various fixes.
Improved value flow analysis

Fixed false positives

Improved configuration in library files

• boost.cfg
• googletest.cfg
• qt.cfg
• windows.cfg
• wxwidgets.cfg

Added several Misra rules:

• 6.1
• 6.2
• 7.2
• 7.4
• 9.2
• 10.2
• 15.4

Added platforms:

• elbrus e1c+
• pic
• pic8
• mips

Cppcheck-2.2

New checks:

• incorrect usage of mutexes and lock guards
• Dereference end iterator
• Iterating a known empty container
• outOfBounds check for iterators to containers

Removed 'operator=' check that ensures reference to self is returned. That is not about safety.

Improved parser

• various ast fixes

Clang parser

• The Clang import feature in Cppcheck should be considered to be experimental for now. There are problems.

Improved bug hunting

• variable constraints
• handling of multidimension arrays
• function calls, execute functions that are in same TU
• improved handling of containers
• several improvements for uninitialized variables check
• improved analysis of for loops
• added a hash value for warnings that can be used for suppressions

Improved data flow

• one more heuristic for ternary operators
• improved data flow for containers

CLI:

• Fixed some addon execution problems when there are spaces etc

GUI:

• Fix handling of tags
• Exclude files

cppcheck-htmlreport:

• several result files can be combined into 1 output

Suppressions:

• comments can be added at end of suppression in suppressions file

Cppcheck-2.1

This is a minor release.

We have tweaked build scripts.

• When you use USE_Z3=yes, we will handle new versions of z3 better. If you have an old z3 library and get compilation problems you will need to add a z3_version.h in externals.
• The cmake scripts was updated.

There was a couple of bug fixes.

New check:

• for "expression % 1" the result is always 0.