Releases: danmar/cppcheck
Cppcheck-1.90
New check:
- alias to vector element invalid after vector is changed
Improved checking:
- improved value flow analysis for struct members
- improved value flow analysis for pointer alias
CERT:
- Added ENV33-C: Do not call system()
MISRA:
- Added rule 2.7
- Added rule 3.2
- Added rule 4.2
- Added rule 14.2
- Added rule 21.1
- Added rule 21.12
Cppcheck-1.89
Command line:
- The default warning message format was changed. The new format is similar to GCC. If you want to get warnings in the old format, add --template=cppcheck1 to the command line.
Compiling:
- From now on, use FILESDIR instead of CFGDIR to specify the path for Cppcheck data files. The readme.txt describes the available flags.
Improved checking:
- improved value flow analysis for pointer aliases
- improved checking for uninitialized variables/structs
- better checking of smart pointers
- better checking of global variables
- Added Cppcheck annotations cppcheck_low(VALUE) and cppcheck_high(VALUE)
- shadow variables; warn when argument is shadowed
- warn if local reference variable can be const
CERT:
- Added API01-C: Avoid laying out strings in memory directly before sensitive data
- Added MSC24-C: Do not use deprecated or obsolescent functions
- Added STR11-C: Do not specify the bound of a character array initialized with a string literal
MISRA:
- Added rule 17.2
- Added rule 18.4
- Added rule 18.7
GUI:
- Minor tweaks
Cppcheck-1.88
New checks:
- Comparing pointers that point to different objects
- Address of local variable 'x' is accessed at non-zero index
- STL usage: unnecessary search before insertion
- Duplicate expression for condition and assignment: if (x==3) x=3;
Added --library configuration files for:
- cppunit
- libcerror
- nspr
- opengl
- sqlite3
Better handling of C++14 and C++17
Command line:
- New command line option --addon used to run addons directly from Cppcheck.
- Some advanced options are only available in GUI:
  - remove unused declarations in header files to speed up analysis
  - remove unused templates to speed up analysis
  - when checking visual studio project, only check 1 configuration
  - max whole-program-analysis call stack depth
  To get these features in command line tool, create a GUI project file and import that on command line using --project.
GUI:
- started implementing theme support
Makefile:
Please use MATCHCOMPILER=yes instead of SRCDIR=build when compiling to enable the match compiler.
Cert:
- add check exp15-c
- add check str03-c
- add check str05-c
- add check str07-c
Misra:
- Add check 17.7
- Add check 20.7
- Add check 20.10
Cppcheck-1.87
Command line interface:
- --project can now import Cppcheck GUI projects.
New checks:
- Condition is always true when array address is compared with 0.
- function argument expression calculation has known result (#8830)
Improvements:
- Better lifetime checking (using pointer/reference that points at deleted object)
- Improved whole program analysis
- Better handling of language extension var@address.
- Many improvements in parser to handle templates, type aliases, etc better
Configuration:
- new configuration for boost
- much better wxwidgets configuration
Addons:
- New addon for checking naming conventions. Naming conventions are configured in json file.
Performance:
According to daca@home, Cppcheck-1.87 is on average 10% faster than Cppcheck-1.86.
Cppcheck-1.86
General:
- Many fixes in the template simplifier
- Several fixes in the abstract syntax tree.
Checking improvements:
- New check: passing address of char to function that expects a strz
- New check: shadow variables
- Improved lifetime checking
- Improved STL iterators checking
- Improved data flow analysis
New libraries:
- zlib
- googletest
Addons:
- misra.py: Fixes for suppressions and exclusions
- namingng.py: New addon to check naming conventions. Rules are specified in json file.
Cppcheck-1.85
General:
- We are modernizing the Cppcheck code. Support for MSVC 2010 and GCC 4.4 is dropped. You now need a compiler that is at least as good as MSVC 2013 or GCC 4.6.
- According to "daca@home" (http://cppcheck.osuosl.org:8000):
  - There are fewer crashes.
  - Cppcheck-1.85 is ~25% slower than Cppcheck-1.84
Checking improvements:
- New check: Suggest STL algorithms instead of hard-coded for loops
- New check: Warn about ineffective algorithms (same iterator passed)
- New check: Mismatching iterators used together in operators
- Container (STL/Qt/WxWidgets/etc) access out of bounds
- Improved the checkers that warn about same/opposite expressions; they track variable values better.
  - logical conjunctions
  - identical/opposite inner expressions
  - same expressions around operator
  - etc
- Variable scope: warn about references also
Graphical user interface:
- You can specify undefines in the project file dialog
- Fixed configuration of suppressions
- Windows: Fixed issue of wrong/no theme being applied to UI elements
Misra:
- support per file excludes from cppcheck
- support per file suppressions from cppcheck
- summary will now summarize results for all files again
- a few false positives were fixed
Cppcheck-1.84
New checks:
- Same rhs expression used in consecutive assignments
- Added more misra checkers
- Function overrides base class function but is not marked with the override keyword
Improved checks:
- Identical inner condition
- Opposite expressions
- Call to virtual function in constructor or destructor
- Variable not initialized by private constructor
- A class that has dynamic allocation needs copy constructor, assignment operator and destructor
Misc:
- Various performance optimisations
- Better support for C++17
- --template=gcc format has been updated to match gcc output better.
- We added a --template-location that can be used to format multiline messages.
- Update --template so the piece of code with the warning can be shown
- Symbol-based suppressions
- XML based suppressions format
Addons:
- cert.py: Attempting to cast away const
- misc.py: String concatenation in array initialization
- misc.py: Passing struct to ellipsis function
- misc.py: Function overrides base class function but is not marked with the virtual keyword
Compiling: We dropped support for some old compilers. From now on you need gcc 4.6 or later / visual studio 2013 or later / other compiler with c++11 support.
1.83
Command line:
- fixes in parser
- Improved loading of platform files.
GUI:
- few minor improvements in user interface
- Code preview
- Added MISRA addon integration
- Platform can be selected in project settings
- Fixed issue when loading xml results file
Addons:
- We are now officially releasing our MISRA addon. So far it supports MISRA C 2012.
1.82
Bug fixes:
- Better handling of namespaces
- Fixed false positives
- Fixed parsing of compile databases
- Fixed parsing of visual studio projects
Enhancements:
- New check: Detect mistakes when there are multiple strcmp() in condition
  Example: if (strcmp(password,"A")==0 || strcmp(password,"B")==0 || strcmp(password,"C"))
  There is a missing '==0', and therefore this condition is always true except when password is "C".
- New check: pointer calculation result can't be NULL unless there is overflow
  Example: someType **list_p = ...; if ((list_p + 1) == NULL)
  The result for '(list_p + 1)' can't be NULL unless there is overflow (UB).
- New check: public interface of classes should be safe - detect possible division by zero
  Example:
      class Fred {
      public:
          void setValue(int mul, int div) {
              value = mul / div; // <- unsafe
          }
          ...
  This check does not consider how Fred::setValue() is really called.
  If you agree that the public interface of classes should always be safe; it should be allowed to call all public methods with arbitrary arguments, then this checker will be useful.
- Fixed a few false negatives
- More information in the cfg files
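The multiple-strcmp() mistake described in the 1.82 notes above, as an added example in C (not code from the Cppcheck project; the function names and sample inputs are constructed). It puts the flagged condition next to the corrected one and counts the inputs on which the two disagree:

```c
/* Added example (not from the Cppcheck project): the multiple-strcmp()
 * mistake from the 1.82 notes next to its corrected form.
 * The function names and the sample inputs are constructed. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* As in the release note: the last strcmp() lacks '== 0', so it is
 * truthy for every string that is NOT "C". */
int check_buggy(const char *password)
{
    return strcmp(password, "A") == 0 ||
           strcmp(password, "B") == 0 ||
           strcmp(password, "C");
}

/* Corrected: every comparison tests for equality explicitly. */
int check_fixed(const char *password)
{
    return strcmp(password, "A") == 0 ||
           strcmp(password, "B") == 0 ||
           strcmp(password, "C") == 0;
}

/* Count the inputs on which the two versions give different answers. */
size_t count_disagreements(const char *const *inputs, size_t n)
{
    size_t diff = 0;
    for (size_t i = 0; i < n; i++)
        if (check_buggy(inputs[i]) != check_fixed(inputs[i]))
            diff++;
    return diff;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *const samples[] = { "A", "B", "C", "", "hunter2", "CC" };
    size_t n = sizeof samples / sizeof samples[0];

    for (size_t i = 0; i < n; i++)
        printf("%-8s buggy=%d fixed=%d\n", samples[i][0] ? samples[i] : "(empty)",
               check_buggy(samples[i]), check_fixed(samples[i]));
    printf("disagreements: %zu of %zu\n", count_disagreements(samples, n), n);
    return 0;
}
```

The buggy condition rejects only "C" and accepts every other string, including the empty one, which is why a review should treat this warning as a logic defect rather than a style issue.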
1.81
CPPCHECK:
- New warning: Check if condition after an early return is overlapping and therefore always false.
- Improved knowledge about C/C++ standard, windows, posix, wxwidgets, gnu
- Better handling of Visual Studio projects
GUI:
- Compile: Qt5 is now needed to build the GUI
- Compile: New qmake flag HAVE_QCHART
- Project: You can now run cppcheck-addons
- Project: We have integrated clang-tidy
- Results view: Reload last results (if cppcheck build dir is used) when GUI is started
- Results view: Tag the warnings with custom keywords (bug/todo/not important/etc..)
- Results view: Shows when warning first appeared (since date)
- Results view: Suppress warnings through right-click menu
- Statistics: Added charts (shown if Qt charts module is enabled during build)