Softpedia >Windows >Programming >Other Programming Files >Cppcheck >  Changelog

Cppcheck Changelog

What's new in Cppcheck 2.14

Apr 21, 2024
  • New checks:
  • eraseIteratorOutOfBounds: warns when erase() is called on an iterator that is out of bounds
  • returnByReference: warns when a large class member is returned by value from a getter function
  • GUI:
  • -Make it possible to suppress warnings in all files in a folder
  • Changed interface:
  • Fixed crash with '--rule-file=' if some data was missing.
  • '--rule-file' will now bail out if a rule could not be added or a file contains unexpected data.
  • Add option '--check-version', you can use it to pin the cppcheck version in a script.
  • Added '--template=simple'. It is expands to '{file}:{line}:{column}: {severity}:{inconclusive:inconclusive:} {message} [{id}]' without any additional location details.
  • Removed deprecated platform type 'Unspecified'. Please use 'unspecified' instead.
  • Add --file-filter=- option that reads file filters from stdin. Added for a plugin.
  • Other:
  • Added CMake option 'EXTERNALS_AS_SYSTEM' to treat external includes as 'SYSTEM' ones.
  • The minimum required compiler versions have been bumped to GCC 5.1 / Clang 3.5 / Visual Studio 2015
  • The minimum required CMake version has been bumped to 3.5
  • Using Visual Studio with CMake now checks if the CMake version is at least 3.13. This was always required but was not checked explicitly.
  • Removed deprecated 'Makefile' option 'SRCDIR'.
  • Added CMake option 'DISALLOW_THREAD_EXECUTOR' to control the inclusion of the executor which performs the analysis within a thread of the main process.
  • Removed CMake option 'USE_THREADS' in favor of 'DISALLOW_THREAD_EXECUTOR'.
  • misra-config will not be treated as a critical error anymore
  • Safety critical:
  • #12440 : Misra violations found but cppcheck exited with 0 even after specifying exit code

New in Cppcheck 2.12 (Sep 10, 2023)

  • New checks:
  • uselessOverride finds overriding functions that either duplicate code from or delegate back to the base class implementation
  • knownPointerToBool finds pointer to bool conversions that are always true or false
  • Improved checking:
  • truncLongCastAssignment and truncLongCastReturn check additional types, including float/double/long double
  • duplInheritedMember also reports duplicated member functions
  • constParameter*/constVariable* checks find more instances of pointers/references that can be const, e.g. when calling library functions
  • GUI:
  • Show in statistics which checkers have been activated in latest analysis
  • Make it more visible if there has been critical errors that caused checkers to be skipped
  • Changed interface:
  • Write how many checkers was activated after a run
  • Added --checkers-report that can be used to generate a report in a file that shows what checkers was activated and disabled
  • Deprecations:
  • The qmake build system has been deprecated and will be removed in a future version.
  • Command-line option '--template ' is deprecated and will be removed in 2.13 - please use '--template=' instead.
  • Command-line option '--template-location ' is deprecated and will be removed in 2.13 - please use '--template-location=' instead.
  • Other:
  • "USE_QT6=On" will no longer fallback to Qt5 when Qt6 is not found.
  • When the execution of an addon fails with an exitcode it will now result in an 'internalError' instead of being silently ignored.
  • "Win32" configurations have been removed from the bundled Visual Studio solution and projects. You might still be able to build 32-bit binaries using CMake but that is untested and unmaintained.

New in Cppcheck 2.9 (Aug 28, 2022)

  • restored check for negative allocation (new[]) and negative VLA sizes from cppcheck 1.87 (LCppC backport)
  • replaced hardcoded check for pipe() buffer size by library configuration option (LCppC backport)
  • on Windows the callstack is now being written to the output specific via "--exception-handling"
  • make it possible to disable the various exception handling parts via the CMake options "NO_UNIX_SIGNAL_HANDLING", "NO_UNIX_BACKTRACE_SUPPORT" and "NO_WINDOWS_SEH"
  • detect more redundant calls of std::string::c_str(), std::string::substr(), and unnecessary copies of containers
  • Add a match function to addon similiar to Token::Match used internally by cppcheck:
  • | for either-or tokens(ie struct|class to match either struct or class)
  • !! to negate a token
  • It supports the %any%, %assign%, %comp%, %name%, %op%, %or%, %oror%, and %var% keywords
  • It supports (*), {*}, [*], and <*> to match links
  • @ can be added to bind the token to a name
  • ** can be used to match until a token
  • Add math functions which can be used in library function definition. This enables evaluation of more math functions in ValueFlow
  • Further improve lifetime analysis with this pointers
  • Propagate condition values from outer function calls
  • Add debug intrinsics debug_valueflow and debug_valuetype to show more detail including source backtraces

New in Cppcheck 2.8 (Jul 8, 2022)

  • Lifetime analysis can now track lifetime across user-defined constructors when they are inline and using member initializer list.
  • SymbolDatabase can now deduce iterator types from how they are specified in the library files.
  • ValueFlow can evaluate class member functions that return known values.
  • Improve duplicateValueTenary to not warn when used as an lvalue or when one branch has side effects
  • Fix variableScope to not warn when variables are used in lambda functions
  • Fix unassignedVariable warnings when using structured bindings
  • Fix redundantInitialization warning when variable is used in a lambda
  • Fix variableScope warnings when using if/while init-statement
  • Improve lifetime analysis when returning variadic template expressions
  • Detect more statements with constStatement
  • Detect variableScope for more types
  • Improvements to unreadVariable
  • Detect more instances of C style casts
  • Warn if the return value of new is discarded
  • The pre-ValueFlow uninitialized checker now uses a different ID as legacyUninitvar
  • Extended library format to exclude specific function argument values

New in Cppcheck 2.7 (Feb 5, 2022)

  • Add support for container views. The view attribute has been added to the <container> library tag to specify the class is a view. The lifetime analysis has been updated to use this new attribute to find dangling lifetime containers.
  • Various checker improvements.
  • Fixed false positives.

New in Cppcheck 2.6 (Oct 2, 2021)

  • New checks in core cppcheck:
  • missing return in function
  • writing overlapping data, detect undefined behavior
  • compared value is out of possible type range
  • [perf] Copy elision optimization can't be applied for return std::move(local)
  • file can not be opened for read and write access at the same time on different streams
  • Various improvements:
  • Color output for diagnostics are added for unix-based platforms.
  • Added symbolic analysis for ValueFlow. A simple delta is used to compute the difference between two unknown variable.
  • Rules using the "define" tokenlist can also match #include as well.
  • Library <function> tags can now use <container> tag, so free functions that accept containers such as std::size, std::empty, std::begin, std::end, etc. can specify the yields or action for the container.
  • Library <smart-pointer> tag can specify a <unique> tag for smart pointers that have unique ownership. Cppcheck now warns about dangling references to smart pointers with unique ownership.
  • Fixed problems when --cppcheck-build-dir is used, that should now work better. It is recommended to use --cppcheck-build-dir to speedup Cppcheck analysis.
  • htmlreport can now output author information (using git blame)
  • More warnings about variables that is not const but can be const
  • Misra C 2012 compliance has been "completed"
  • All Misra C 2012 rules have been implemented except 1.1 , 1.2 and 17.3. Including the rules in amendment 1 and amendment 2.
  • The rules 1.1 and 1.2 must be checked with a compiler.
  • The rule 17.3 can be checked by a compiler, for instance GCC.

New in Cppcheck 2.5 (Jul 4, 2021)

  • Parser:
  • various fixes
  • checked that all features in c++11, c++14, c++17 are supported
  • c++20 support is improved but not complete yet
  • Core:
  • improved library files, better knowledge about APIs
  • improved checks to detect more bugs
  • fixed checks to avoid unwanted warnings
  • Changed output:
  • try to use relative paths when using compile databases, if compile database is accessed with relative path
  • updated XML; The file0 attribute is moved from to
  • Misra:
  • fixed crashes and false positives
  • New checks:
  • suspicious container/iterator assignment in condition
  • rethrow without current handled exception

New in Cppcheck 2.4.1 (Mar 23, 2021)

  • Fixed windows installer, a file needed by the Misra addon was missing.

New in Cppcheck 2.4 (Mar 22, 2021)

  • Fixed false negatives and false positives
  • New check; Detect one definition rule violations
  • Various improvements:
  • MISRA improvements
  • ImportProject fixes
  • Various bug hunting improvements
  • Fixes when importing AST from clang

New in Cppcheck 2.3 (Dec 5, 2020)

  • Improved C++ parser:
  • types
  • wrong operands in ast
  • better simplification of templates
  • Improved clang import, various fixes.
  • Improved value flow analysis
  • Fixed false positives
  • Improved configuration in library files:
  • boost.cfg
  • googletest.cfg
  • qt.cfg
  • windows.cfg
  • wxwidgets.cfg
  • Added several Misra rules:
  • 6.1
  • 6.2
  • 7.2
  • 7.4
  • 9.2
  • 10.2
  • 15.4
  • Added platforms:
  • elbrus e1c+
  • pic
  • pic8
  • mips

New in Cppcheck 2.2 (Oct 3, 2020)

  • New checks:
  • Incorrect usage of mutexes and lock guards
  • Dereference end iterator
  • Iterating a known empty container
  • OutOfBounds check for iterators to containers
  • Removed 'operator=' check that ensures reference to self is returned. That is not about safety.
  • Improved parser
  • Various ast fixes
  • Clang parser
  • The Clang import feature in Cppcheck should be considered to be experimental for now. There are problems.
  • Improved bug hunting
  • Variable constraints
  • Handling of multidimension arrays
  • Function calls, execute functions that are in same TU
  • Improved handling of containers
  • Several improvements for uninitialized variables check
  • Improved analysis of for loops
  • Added a hash value for warnings that can be used for suppressions
  • Improved data flow
  • One more heuristic for ternary operators
  • Improved data flow for containers
  • CLI:
  • Fixed some addon execution problems when there are spaces etc
  • GUI:
  • Fix handling of tags
  • Exclude files
  • Cppcheck-htmlreport:
  • Several result files can be combined into 1 output
  • Suppressions:
  • Comments can be added at end of suppression in suppressions file

New in Cppcheck 2.1 (Jun 14, 2020)

  • We have tweaked build scripts.
  • When you use USE_Z3=yes, we will handle new versions of z3 better. If you have an old z3 library and get compilation problems you will need to add a z3_version.h in externals.
  • The cmake scripts was updated.
  • There was a couple of bug fixes.
  • New check:
  • for "expression % 1" the result is always 0.

New in Cppcheck 2.0 (May 11, 2020)

  • Several fixes to:
  • improve parsing
  • detect more bugs with existing checks
  • fix false alarms
  • Clang import:
  • Clang is a C/C++ compiler that has a very robust and well made parser.
  • Cppcheck will always use its internal parser by default. However there is now an option to use the Clang parser instead.
  • It is recommended that you use the default internal Cppcheck parser unless you notice that it fails to parse your code properly (syntax errors, strange false alarms).

New in Cppcheck 1.90 (Dec 21, 2019)

  • New check:
  • alias to vector element invalid after vector is changed
  • Improved checking
  • improved value flow analysis for struct members
  • improved value flow analysis for pointer alias
  • CERT:
  • Added ENV33-C: Do not call system()
  • MISRA:
  • Added rule 2.7
  • Added rule 3.2
  • Added rule 4.2
  • Added rule 14.2
  • Added rule 21.1
  • Added rule 21.12
  • Addons:
  • Add --recursive option. You can check dump files recursively

New in Cppcheck 1.89 (Sep 2, 2019)

  • Command line:
  • The default warning message format was changed. The new format is similar to GCC. If you want to get warnings in the old format, add --template=cppcheck1 to the command line.
  • Compiling:
  • From now on, use FILESDIR instead of CFGDIR to specify the path for Cppcheck data files. The readme.txt describes the available flags.
  • Improved checking:
  • improved value flow analysis for pointer aliases
  • improved checking for uninitialized variables/structs
  • better checking of smart pointers
  • better checking of global variables
  • Added Cppcheck annotations __cppcheck_low__(VALUE) and __cppcheck_high__(VALUE)
  • shadow variables; warn when argument is shadowed
  • warn if local reference variable can be const
  • CERT:
  • Added API01-C: Avoid laying out strings in memory directly before sensitive data
  • Added MSC24-C: Do not use deprecated or obsolescent functions
  • Added STR11-C: Do not specify the bound of a character array initialized with a string literal
  • MISRA:
  • Added rule 17.2
  • Added rule 18.4
  • Added rule 18.7
  • GUI:
  • Minor tweaks

New in Cppcheck 1.88 (Sep 2, 2019)

  • New checks:
  • Comparing pointers that point to different objects
  • Address of local variable 'x' is accessed at non-zero index
  • STL usage: unnecessary search before insertion
  • Duplicate expression for condition and assignment: if (x==3) x=3;
  • Added --library configuration files for:
  • cppunit
  • libcerror
  • nspr
  • opengl
  • sqlite3
  • Better handling of C++14 and C++17
  • Command line:
  • New command line option --addon used to run addons directly from Cppcheck.
  • Some advanced options are only available in GUI:
  • remove unused declarations in header files to speedup analysis
  • remove unused templates to speedup analysis
  • when checking visual studio project, only check 1 configuration
  • max whole-program-analysis call stack depth
  • To get these features in command line tool, create a GUI project file and import that on command line using --project.
  • GUI:
  • started implementing theme support
  • Makefile:
  • Please use MATCHCOMPILER=yes instead of SRCDIR=build when compiling to enable the match compiler.
  • Cert:
  • add check exp15-c
  • add check str03-c
  • add check str05-c
  • add check str07-c
  • Misra:
  • Add check 17.7
  • Add check 20.7
  • Add check 20.10

New in Cppcheck 1.87 (Feb 9, 2019)

  • Command line interface:
  • --project can now import Cppcheck GUI projects.
  • New checks:
  • Condition is always true when array address is compared with 0.
  • function argument expression calculation has known result (#8830)
  • Improvements:
  • Better lifetime checking (using pointer/reference that points at deleted object)
  • Improved whole program analysis
  • Better handling of language extension var@address.
  • Many improvements in parser to handle templates, type aliases, etc better
  • Configuration:
  • new configuration for boost
  • much better wxwidgets configuration
  • Addons:
  • New addon for checking naming conventions. Naming conventions are configured in json file.
  • Performance:
  • According to daca@home Cppcheck-1.87 is in average 10% faster than Cppcheck-1.86.

New in Cppcheck 1.86 (Dec 8, 2018)

  • General:
  • Many fixes in the template simplifier
  • Several fixes in the abstract syntax tree.
  • Checking improvements:
  • New check: passing address of char to function that expects a strz
  • New check: shadow variables
  • Improved lifetime checking
  • Improved STL iterators checking
  • Improved data flow analysis
  • New libraries:
  • zlib
  • googletest
  • Addons:
  • misra.py: Fixes for suppressions and exclusions
  • namingng.py: New addon to check naming conventions. Rules are specified in json file.

New in Cppcheck 1.85 (Oct 15, 2018)

  • General:
  • We are modernizing the Cppcheck code. Support for MSVC 2010 and GCC 4.4 is dropped. You now need a compiler that is at least as good as MSVC 2013 or GCC 4.6.
  • According to "daca@home" (http://cppcheck.osuosl.org:8000) There are fewer crashes.
  • Cppcheck-1.85 is ~25% slower than Cppcheck-1.84
  • Checking improvements:
  • New check: Suggest STL algorithms instead of hard-coded for loops
  • New check: Warn about ineffective algorithms (same iterator passed)
  • New check: Mismatching iterators used together in operators
  • Container (STL/Qt/WxWidgets/etc) access out of bounds
  • Improved the checkers that warns about same/opposite expressions, track variable values better.
  • logical conjunctions
  • identical/opposite inner expressions
  • same expressions around operator etc
  • Variable scope: warn about references also
  • Graphical user interface:
  • You can specify undefines in the project file dialog
  • Fixed configuration of suppressions
  • Windows: Fixed issue of wrong/no theme being applied to UI elements
  • Misra:
  • support per file excludes from cppcheck
  • support per file suppressions from cppcheck
  • summary will now summarize results for all files again
  • a few false positives were fixed

New in Cppcheck 1.84 (Jun 14, 2018)

  • New checks:
  • Same rhs expression used in consecutive assignments
  • Added more misra checkers
  • Function overrides base class function but is not marked with the override keyword
  • Improved checks:
  • Identical inner condition
  • Opposite expressions
  • Call to virtual function in constructor or destructor
  • Variable not initialized by private constructor
  • A class that has dynamic allocation needs copy constructor, assignment operator and destructor
  • Misc:
  • Various performance optimisations
  • Better support for C++17
  • --template=gcc format has been updated to match gcc output better.
  • We added a --template-location that can be used to format multiline messages.
  • Update --template so the piece of code with the warning can be shown
  • Symbol-based suppressions
  • XML based suppressions format
  • Addons:
  • cert.py: Attempting to cast away const
  • misc.py: String concatenation in array initialization
  • misc.py: Passing struct to ellipsis function
  • misc.py: Function overrides base class function but is not marked with the virtual keyword
  • Compiling:
  • We dropped support for some old compilers.
  • From now on you need gcc 4.6 or later / visual studio 2013 or later / other compiler with c++11 support.

New in Cppcheck 1.83 (Apr 2, 2018)

  • Command line:
  • Fixes in parser
  • Improved loading of platform files.
  • GUI:
  • Few minor improvements in user interface
  • Code preview
  • Added MISRA addon integration
  • Platform can be selected in project settings
  • Fixed issue when loading xml results file
  • Addons:
  • We are now officially releasing our MISRA addon. So far it supports MISRA C 2012.

New in Cppcheck 1.82 (Jan 15, 2018)

  • Bug fixes:
  • Better handling of namespaces
  • Fixed false positives
  • Fixed parsing of compile databases
  • Fixed parsing of visual studio projects
  • Enhancements:
  • New check; Detect mistakes when there are multiple strcmp() in condition
  • New check; pointer calculation result can't be NULL unless there is overflow
  • New check; public interface of classes should be safe - detect possible division by zero
  • Fixed a few false negatives
  • More information in the cfg files

New in Cppcheck 1.81 (Oct 8, 2017)

  • CPPCHECK:
  • New warning: Check if condition after an early return is overlapping and therefore always false.
  • Improved knowledge about C/C++ standard, windows, posix, wxwidgets, gnu
  • Better handling of Visual Studio projects
  • GUI:
  • Compile: Qt5 is now needed to build the GUI
  • Compile: New qmake flag HAVE_QCHART
  • Project: You can now run cppcheck-addons
  • Project: We have integrated clang-tidy
  • Results view: Reload last results (if cppcheck build dir is used) when GUI is started
  • Results view: Tag the warnings with custom keywords (bug/todo/not important/etc..)
  • Results view: Shows when warning first appeared (since date)
  • Results view: Suppress warnings through right-click menu
  • Statistics: Added charts (shown if Qt charts module is enabled during build)

New in Cppcheck 1.80 (Sep 30, 2017)

  • Checking improvements:
  • Added platform for Atmel AVR 8 bit microcontrollers (avr8)
  • Better 'callstacks' in cppcheck messages
  • Improved gnu.cfg, posix.cfg, wxwidgets.cfg and std.cfg, added motif.cfg
  • Various improvements to AST, ValueFlow analysis and template parsing
  • Command line changes:
  • Deprecated command line argument --append has been removed
  • New command line argument --plist-output to create .plist files
  • New command line argument --output-file to print output to file directly
  • Check OpenCL files (.cl)
  • GUI:
  • Support export of statistics to PDF
  • Several small usability improvements

New in Cppcheck 1.79 (May 14, 2017)

  • General changes:
  • C++ code in C files is rejected now (use --language=c++ to enforce checking the code as C++)
  • Write function access type to XML dump
  • Checking improvements:
  • Improved configuration extraction in preprocessor
  • Improved accuracy of AST
  • Improved template parsing
  • Improved support for (STL) containers in SymbolDatabase
  • Improved support for C++11's 'auto' type
  • Experimental support for uninitialized variables in ValueFlow analysis
  • Added qt.cfg and sfml.cfg, improved several existing .cfg files
  • GUI:
  • Use CFGDIR macro

New in Cppcheck 1.78 (Apr 2, 2017)

  • General changes:
  • Reduced memory usage by up to 10% by reducing size of token list
  • New checks:
  • Mismatching argument names between function declaration and definition
  • Detect classes which have a copy constructor but no copy operator and vice versa
  • Checking improvements:
  • Improved matching of overloaded functions
  • Improved ValueType analysis, especially related to allocations with "new" and C++11's "auto"
  • Improved support for C++11 brace initialization
  • Improved ValueFlow analysis
  • Improved template parsing
  • Improved detection of memory leaks
  • Improved nullpointer checking when nullptr and NULL are used
  • Detect array out of bounds across compilation units
  • Extended windows.cfg, posix.cfg and std.cfg

New in Cppcheck 1.77 (Jan 10, 2017)

  • General changes:
  • Added flag --cppcheck-build-dir to allow incremental analysis and inter-file checking
  • Improved project support for Visual Studio solutions
  • Removed checks
  • New checks:
  • Detect pointer overflow
  • Detect usage of variable after std::move or std::forward
  • Checking improvements:
  • Warn about number and char literals in boolean expressions
  • Improved checking for variables modified but not used again
  • Libraries: Added support to specify
  • Improved ValueFlow, especially related to function return values and casts
  • Improved simplification of Null values to allow more accurate checking
  • Several improvements to windows.cfg, posix.cfg, gnu.cfg and std.cfg
  • Reimplemented check for using iterators of mismatching containers
  • GUI:
  • Support build directory as in CLI
  • Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

New in Cppcheck 1.76.1 (Oct 18, 2016)

  • Bugfix to avoid hang.

New in Cppcheck 1.76 (Oct 18, 2016)

  • General changes:
  • Completed CWE mapping
  • Support opening project files of external build systems, including CMake and Visual Studio (CLI: --project)
  • XML format version 1 is deprecated and will be removed in 1.81
  • Checking improvements:
  • Improved checking for conditions that are always true/false
  • Improved format string checking: Support more functions, support %h and %hh
  • Improved std.cfg, windows.cfg and qt.cfg; added wxwidgets.cfg
  • Improved ValueFlow analysis
  • Improved SymbolDatabase accuracy
  • Improved Preprocessor (simplecpp)
  • Support base class methods in Library
  • GUI:
  • Support opening project files from GUI
  • Added .desktop file

New in Cppcheck 1.75 (Aug 8, 2016)

  • General changes:
  • Replaced internal preprocessor by the brand-new preprocessor 'simplecpp'
  • Improved Windows installer: Install a copy of the license instead of asking to accept it
  • The Windows x64 binaries are now compiled with profile guided optimization, resulting in a speedup of 11%
  • Improved manual, especially the chapter about Libraries
  • Improved CWE mapping
  • append is deprecated and will be removed in 1.80
  • New checks:
  • Detect passed by value for non-const variables and print message only if type size justifies optimization
  • Checking improvements:
  • Implemented support for trailing return types (C++11)
  • Improved support for digit separators (C++14)
  • Improved support for enum types in buffer overflow checking
  • Better handling of volatile variables when checking for redundant assignments
  • Properly support integer suffixes i64 and ui64
  • Support function arguments with default value in Libraries
  • Always set file0 attribute of error messages to identify the source file cppcheck was checking

New in Cppcheck 1.74 (Jun 6, 2016)

  • General changes:
  • Improved CWE mapping of messages
  • Git pre-commit hook checks only added or modified files
  • Checking improvements:
  • Replaced simplification of enums by keeping and parsing them in the SymbolDatabase
  • Added support to Library for specifying the parameter used by allocating/deallocating functions
  • Improved support for integers defined in Libraries
  • Improved accuracy of ValueType analysis
  • Improved accuracy of VarID assignment, especially when dealing with structs and unions
  • Improved performance of VarID assignment, checking for struct member usage, buffer overrun checking and several simplifications
  • Added support for lots functions to windows.cfg and posix.cfg
  • Better support for operator overloads
  • Detect buffer overflows when %c is used with a width
  • Improved checking for sizeof() taken of wrong type
  • Support char literals when checking for conditions being always true or false
  • Reimplemented check for usage of boolean results used in bitwise operations based on ValueType
  • Improved checking for c_str() usage

New in Cppcheck 1.73 (Apr 9, 2016)

  • General changes:
  • CWE mapping of messages
  • Translated manual to Japanese language
  • Removed checks:
  • Checks for variables hiding enums or typedefs have been removed
  • New checks:
  • Checking improvements:
  • Improved ValueType a lot, use it in more checks
  • Improved VarId support for template constructors, namespaces and references as class members
  • Improved libraries, especially gnu.cfg, posix.cfg and windows.cfg
  • Improved simplification of enums and templates
  • Better distinguishing between possible and known null pointer dereferenciations
  • Assume integers to be signed by default
  • better support for cplusplus macro in preprocessor
  • Preprocessor directives for addons
  • New tools: times-vs.py, reduce.py
  • GUI:
  • Detect Geany and QtCreator
  • Make statistics dialog shown when checking is finished optional

New in Cppcheck 1.72 (Jan 11, 2016)

  • General changes:
  • Added platform files to customize characteristics of different target platforms - Added setting to configure the default sign of integral variables and bit size of type 'char'
  • Added option -E (only preprocess the code)
  • Option --dump now outputs data for each configurations, not only the last one - Several qmake project files have been removed
  • Removed checks:
  • Check for unnecessary forward declaration has been removed
  • New checks:
  • Warn about shifting negative values
  • Detect statements with undefined execution order
  • Added a generic check to discourage usage of specific functions, replacing CheckNonReentrantFunctions and CheckObsoleteFunctions Checking
  • Improvements:
  • Several improvements to ValueFlow analysis
  • Improved ValueType handling, refactored several checks to make use of it
  • Improved memory leak checking
  • Improved Container specification in Library files, rewrote some checks based on it
  • Improved handling of character literals
  • Improved checking for non-interlocked accesses
  • Properly support types in namespace std
  • Added some validation mechanisms to avoid crashs
  • GUI:
  • Improved Library editor
  • Support "Enter" key in results tree
  • Properly detect editors on 64-Bit Windows
  • Added Japanese translation
  • Allow opening project file without extra parameter from command line Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

New in Cppcheck 1.71 (Nov 16, 2015)

  • General changes:
  • The deprecated options --suppressions and --exitcode-suppressions have been removed - .hh and .hxx files are now treated as C++ files
  • Improved documentation (readmes and manuals)
  • Internal errors (for example syntax error) are now suppressable
  • Removed checks:
  • Check for unnecessary qualification has been removed
  • Checking improvements:
  • Support range-based for-loops (C++11)
  • Better support for C++11 style initialization
  • Better support for lambdas (C++11)
  • Support digit separators (C++14)
  • Added determination of the type of an expression (ValueType)
  • Support case ranges (GCC extension)
  • Improved AST generation and added validation
  • Improved value flow analysis
  • Improved checking for unitialized arrays
  • Improved VarId assignment for member variables
  • Rewrote checking of char variables
  • Known variable simplification has been removed partially in favour of value flow analysis
  • GUI:
  • Added library editor
  • Improved display of inconclusive messages
  • Added option to enforce parsing as C or C++ code
  • Show file that included a header in details view - Added "Recheck all files" button, "Recheck files " renamed to "Rechecked modified files" Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

New in Cppcheck 1.70 (Oct 29, 2015)

  • General changes:
  • New version of .cfg file format, adding support for namespaces and declaring several functions at once
  • Support building x64 installer for Windows; Both x64 and x86 builds are now provided
  • Warn about deprecated options --suppressions and --exitcode-suppressions. They will be removed in future
  • Added debugging option --debug-normal, which prints out debug output before second stage simplification
  • New checks:
  • Warn about modifying string literals
  • Detect declaration of variable length arrays with negative size
  • Warn about implicit type conversion from int to long
  • Warn about redundant code in conditions like (y || (!y && z))
  • Detect conditions with known result
  • Race condition: non-interlocked access after InterlockedDecrement()
  • Detect unused 'goto' labels
  • Removed checks:
  • Do no longer warn about a bug in scanf implementation of ancient glibc versions
  • Multifile analysis (added in 1.69) has been removed because it did not work
  • Removed ExecutionPath checker, which has been superseeded by ValueFlow analysis
  • Improvements:
  • Support hexadecimal floating point numbers (C99)
  • Support [[deprecated]] (C++14)
  • Improved handling of sizeof()
  • Improved handling of reserved keywords
  • Better handling of C declaration specifiers; support complex/_Complex (C99)
  • Better handling of ternary operator in ValueFlow analysis
  • Lots of improvements to .cfg files, especially std.cfg, which now supports namespace std
  • Improved performance and memory usage of Preprocessor
  • Improved performance of matchcompiler
  • Reduced Disk IO when ignoring paths
  • Removed several obsolete simplifications
  • Added python addons: naming.py, threadsafety.py and cert.py
  • GUI:
  • Support printing
  • Added item "Open containing folder" to context menu

New in Cppcheck 1.69 (May 5, 2015)

  • General changes:
  • Added flag --platform=native, when it is used type sizes and behaviour of host system are used
  • Backward compatibility for Libary files is now working. Future cppcheck versions will be able to use libraries written for previous versions
  • Windows 32 bit builds now set /LARGEADDRESSAWARE, so that they can use up to 4 GiB
  • New checks:
  • Detect bad bitmask checks (usage of | where & should be used)
  • Suggest usage of "explicit" for constructors with a single parameter
  • Suggest usage of make_shared/make_unique
  • Warn about usage of malloc with auto_ptr
  • Detect redundant pointer operations like &*ptr
  • Improvements:
  • Support std::array (C++11)
  • Detect same expressions in both branches of a ternary operator
  • New -tags in libraries to configure STL (and similar) container types
  • Several improvements to ValueFlow analysis (for example support for default function arguments)
  • Improved buffer overrun and memory leak checking
  • Removed a bunch of redundant checking code
  • Removed several simplifications
  • Stronger matching of library functions
  • Lots of additions to std.cfg and posix.cfg
  • New library for Microsoft SAL (microsoft_sal.cfg)
  • Improved C++11 template parsing (">>" as closing brackets, variadic templates)
  • Added statistics to htmlreport
  • GUI:
  • Fixed language selection

New in Cppcheck 1.68 (Jan 6, 2015)

  • New checks:
  • Multifile checking for buffer overruns and uninitialized variables
  • Improvements:
  • Libraries are now able to contain platform specific types
  • Improved handling of function overloads
  • Improved handling of integer literal suffixes
  • Improved stability of template parsing
  • Improved accuracy of ValueFlow analysis
  • Improved checking of pointer overflow
  • Support noexcept(false)
  • Support __attribute__((noreturn))
  • A bunch of additions to several Libraries, especially posix.cfg and qt.cfg

New in Cppcheck 1.67 (Oct 20, 2014)

  • General changes:
  • Library files have now a 'format' attribute. Format version 1 is assumed by default
  • Cppcheck does no longer abort checking if unhandled characters (Non-ASCII) are found
  • New checks:
  • Check for unused return values
  • Detect shift by too many bits, signed integer overflow and dangerous sign conversion -
  • Recommend usage of expm1(), log1p(), erfc()
  • Division by sizeof() as parameter to memset/memcpy/memmove/etc. as they expect a size in bytes
  • Several new va_arg related checks:
  • Wrong parameter passed to va_start()
  • Reference passed to va_start()
  • Missing va_end()
  • Using va_list before it is opened
  • Subsequent calls to va_start/va_copy()
  • Initialization by itself in initializer list
  • Dead pointer usage when pointer alias local variable that has gone out of scope
  • Improvements:
  • Support uniform initialization syntax (C++11)
  • Much improvements to value flow analysis
  • Improved AST creation (support placement new, C++-style casts, templates, operator new[], ...)
  • Improved lambda support
  • Support GCC extension __attriute__((used)) and MSVC extension __declspec(property)
  • Better support for static member variables, inherited variables and namespaces
  • Improved typedef support where multiple variables are declared at once
  • Avoid checking code multiple times by calculating a checksum. Duplicate preprocessor configurations are eliminated by this.
  • Support C++03/C 'auto' keyword
  • HTML report: display 'verbose' message using clickable expandable divs Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

New in Cppcheck 1.66 (Aug 14, 2014)

  • New checks:
  • Compare pointer with '\0'
  • Assigning boolean expression to floating point variables
  • Improvements:
  • Much improved AST
  • Much improved ValueFlow analysis
  • ValueFlow and AST now used by much more checks, improving checking accuracy and performance
  • Checking for self assignment now supports more complex expressions
  • Returning references to literals or references to calculation results is detected
  • Enhanced support for commutative operators in duplicate expression checking
  • Improved template/enum parsing
  • Much improved htmlreport
  • Definition of POD types in .cfg files
  • Definition of minsize for buffer arguments in .cfg files for buffer overflow checking
  • Fixed handling of #error: Do not report them if -f and -D are used together
  • New .cfg file for AVR platform
  • Generate xml dump of AST/ValueFlow/SymbolDatabase/TokenList if --dump is given
  • Improved performance in several cases
  • Windows Builds: Now compiled with VS2013, linked against Qt 5.3.1
  • GUI:
  • Platform settings are being saved now
  • Improved handling of (invalid) .cfg files
  • Use Win32W as default platform on Windows
  • Additionally, a large number of false positives and crashs has been fixed.

New in Cppcheck 1.65 (May 12, 2014)

  • General changes:
  • Cppcheck requires a C++11 compiler supporting the common subset of features supported by GCC 4.4, Visual Studio 2010 and Clang 2.9
  • Problems with packaging and windows installer introduced in last release were fixed
  • Improvements:
  • Much improved support of complex combinations of function pointers, arrays and references
  • Better handling of syntax errors
  • Better detection of stack variables passed to free()
  • Much improved value flow analysis
  • More robust error detection in several checks due to usage of AST
  • Better handling of unknown Macros in function declarations
  • Allocation/Deallocation functions can be extend across different .cfg files
  • Better handling of some C++11 language features like enum class, in-class member initializers
  • Detect calling (std::)abs() with bool argument
  • New checks:
  • Check for noexcept and __attribute__((nothrow)) correctness
  • Check for unhandled exceptions when exception specifiers are used
  • Access to empty STL containers
  • Repositioning operation on a file opened in append mode
  • Find nested redundant if-statements (was experimental before)
  • Additionally, a large number of false positives and crashs has been fixed.

New in Cppcheck 1.64 (Mar 3, 2014)

  • A new value flow analysis has been added. It is generic so the same analysis can be reused by various checkers - previously many checkers have had their own value flow and control flow analysis. The new value flow analysis performs context sensitive cross-function analysis. All checkers that uses this will automatically have cross-function context sensitive value flow analysis. The new analysis is gradually introduced in the checkers - the old analysis in a checker is kept until it is redundant. The new value flow analysis is so far used to detect:
  • division by zero
  • null pointer dereference
  • array index out of bounds
  • invalid function argument
  • Other Improvements:
  • Improved configurations for gtk, posix, sdl, std, windows
  • Warn when using negative allocation size
  • Check 2nd parameter for memset

New in Cppcheck 1.63.1 (Feb 21, 2014)

  • New check:
  • Using pointer addition result in condition 'if (p+1)' - either a dereference is forgotten or it depends on UB (the result is only 0 if there is overflow, which is UB).
  • Improved checks:
  • Leaks - ignoring return value of allocation function
  • Uninitialized vars - check how uninitialized malloc data is used
  • Rewritten 'calculation in sizeof' using syntax tree
  • Rewritten 'clarify calculation' using syntax tree
  • Rewritten 'logical disjunction' using syntax tree
  • Rewritten 'duplicate expressions' using syntax tree
  • Rewritten 'invalidFunctionUsage' that uses the *.cfg files
  • GUI:
  • Library files can be enabled in the project dialog
  • Suppressions can be specified in the project dialog
  • Other:
  • Cppcheck is now continuosly scanning all the source code in the debian archive.
  • Fixes of templates handling, hangs, crashes and false positives

New in Cppcheck 1.62 (Oct 13, 2013)

  • New checks:
  • Divide with variable and then compare to see if variable is 0
  • uplicated inherited member
  • Improved checking:
  • handling of >> in templates
  • format string checking
  • comparing bool result with integer
  • standard isgreater()/islower() functions
  • standard math functions
  • reassigning struct members
  • Htmlreport:
  • xml-version 2 is now handled

New in Cppcheck 1.61 (Aug 5, 2013)

  • New checks:
  • arithmetical usage of inf/nan result
  • suspicious usage of comma in return statement
  • sizeof(void)
  • Improved checking:
  • better simplification of strlen
  • improved handling of array member variables 'x[y].z..'
  • Specific improvements in checks for buffer overruns, format strings, uninitialized variables
  • Command line:
  • Using both --max-configs and -D. Normally when -D is used, Cppcheck will only check the given configuration. By using --max-configs also, you can tell Cppcheck to check more configurations.
  • Added --library and --check-library.
  • Graphical user interface:
  • Somewhat improved response when stopping checking
  • Cppcheck core:
  • Extending checking with configuration files. Cppcheck has internal knowledge for standard C/C++ functions. Knowledge for libraries and environments can be specified using configuration files.
  • Rules: added that allow you to check 'raw' code and 'normal' code. In the 'raw' code, the comments and #include are already taken care of, but the #define statements can be analysed.

New in Cppcheck 1.60.1 (Jun 10, 2013)

  • Bug fix in compiled patterns

New in Cppcheck 1.59 (Apr 10, 2013)

  • Commandline/Settings changes:
  • New option to enable warnings but not style messages: --enable=warning
  • Cppcheck used to skip includes where the header filename is enclosed in . You can now include these headers also by using -I. It is still not required to include these headers so feel free to try it and then include the headers that give you the best results. The biggest problem with including many headers is that analysis gets slow.
  • New checks:
  • New POSIX checks: pipe() buffer size, redundant calls of set/get user id, too big value passed to usleep(), buffer overflow when using write()
  • Storing getc() return value in char variable and comparing to EOF.
  • Detect redundant bitand operations
  • Find suspicious equality comparisons like: if(a == 0) a == 1;
  • Warn about using malloc() for classes containing virtual methods, std::-objects or constructors
  • Portability check that warns when using NULL as argument to variadic function. It has undefined behavior on some implementations.
  • Improvements:
  • Improved lookup for functions and types
  • Switched to TinyXml2 as XML library
  • Improved checking for uninitialized struct members, variable scopes that can be reduced and unused functions
  • GUI:
  • Remember last path in open file dialog
  • Added command line parameter to open a results file
  • Bug in statistic calculation fixed Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

New in Cppcheck 1.57 (Jan 3, 2013)

  • Commandline/Settings changes:
  • Support for Java and C# code has been removed.
  • New option --language= (alias: -x=) to enforce treating code as a specific language
  • Improvements:
  • Support GCC binary number syntax (0b...)
  • Fixed search order for include paths
  • Several error messages have been improved to be more understandable and consistent
  • Rewrote enum parsing
  • Simplification of well-known math.h functions
  • Check for variable being assigned a value never used handles now also reassignments
  • Fixed several false negatives in buffer overrun check
  • Detect more inadequate comparisons of boolean variables
  • Better detection of mismatching and assignments and comparisons with bitwise operations
  • New checks:
  • Check for variables being reassigned a value before the old one has been used
  • Detect missing copy constructors when class allocates memory
  • Check for pointer copying when class allocates memory
  • Detect freeing invalid address
  • GUI:
  • Added Scratchpad feature
  • Message Ids can be copied to clipboard (context menu)
  • Message Ids can optionally be displayed in detailed view and as additional column
  • Fixed detection of Applications
  • Installer (Windows only) and build environment:
  • Allow selecting features to install
  • Cppcheck core is built into .dll and shared between GUI, CLI and testrunner
  • Increased compression of installer
  • Switched back to VS10 (from MinGW)
  • Updated to TinyXML 2.6.2, PCRE 8.31 and Qt 4.8.3

New in Cppcheck 1.56 (Oct 16, 2012)

  • Commandline/Settings changes:
  • Code is considered to be C++11 or C11 compatible by default, added new standards to --std= option: c89, c11, c++03
  • '--inconclusive' has been made "official" and shown in help dialog
  • Improvements:
  • Uninstantiated templates are no longer removed from token list
  • Support 'using namespace std;' - 'std ::' added to C++ standard library types when 'using namespace std;' is found
  • Several error messages have been improved to be more understandable and consistent
  • Checking of pre-processor configurations that are considered invalid, because the macro used in #if is also used in the code, is now skipped.
  • New checks:
  • Detect incomplete array fill with memcpy/memset/memmove (inconclusive check)
  • Detect ineffective statememts like '*foo++;'
  • Check for negative right operand passed to shift operator
  • Detect comparison of char* variable with string literal
  • Check for return value of std::remove() and container.empty() being used
  • Detect member functions that can be declared static
  • Detect const variables that can be made a const reference
  • GUI:
  • Korean translation added
  • Additionally, lots of false positives have been fixed and several existing checks have been improved.

New in Cppcheck 1.55 (Oct 16, 2012)

  • Cppcheck can now analyze source files that are UTF-16 encoded Faster checking. Some projects, for instance sqlite, is much quicker now. T
  • he difference when checking other projects is not big.
  • Removed deprecated command line options -s, --style, -a, --all, --auto-dealloc, --test-2-pass.
  • Improved C code analysis.
  • Better analysis of unknown types etc.
  • New check: comparison of modulo results that are always true/false. For instance: if (x % 5 == 5)
  • Improved checks to detect more bugs:
  • improved array index out of bounds
  • improved double deallocation
  • delete non-dynamic memory
  • missing break in switch
  • member variable not initialized
  • improved checking of format string parameters
  • improved 64-bit portability when returning pointer/int

New in Cppcheck 1.54 (Oct 16, 2012)

  • Command line:
  • Added --relative-path
  • Improved checks to detect more bugs:
  • improved checking for buffer overruns on dynamically allocated memory (#3569)
  • when variable is compared against a value in condition, the variable value is known in the conditional block.
  • null pointer checking
  • handle more standard functions and improved checking of loops
  • more standard functions are checked
  • improved checking of loops
  • dangerous conditions
  • detect more bugs related to std::find and string::find usage
  • detect more sign extension problems
  • detect redundant .c_str() for strings
  • invalid pointer cast from float* to double*
  • more strict about int vs. bool
  • Preprocessor: extract more configurations => more code is checked
  • Unused functions
  • fixed false negatives for functions that returns reference
  • Better checking of sizeof * Improved "unused private function" checking
  • GUI:
  • Faster recheck: The "Recheck files" only rechecks the files that has been modified since the last scan

New in Cppcheck 1.53 (Oct 16, 2012)

  • We have fixed many problems such as false positives, segmentation faults, etc.
  • We improved existing checks to detect more errors:
  • type checking for format string parameters
  • uninitialized variables
  • bad std::string usage
  • buffer overflow checking
  • iterator used on different containers
  • doublefree of pointer
  • null pointers
  • bad usage of isdigit/isgraph/isalpha/etc
  • wrong usage of std::find
  • more deprecated functions

New in Cppcheck 1.52 (Oct 16, 2012)

  • wrong value passed to isgraph
  • missuse of std::cout
  • some warnings when sizeof is used on pointer variable
  • endless loop because of unsigned comparison
  • better check for missing break in switch (redundant strcpy)
  • using && instead of & in expression
  • wrong usage of printf/scanf/etc (format string and parameters mismatch)
  • useless calls of STL functions (wrong usage)
  • detect suspicious use of semicolon after if/for/while (--inconclusive)
  • added checking of readlink() usage
  • boolean comparison with string literals

New in Cppcheck 1.51 (Oct 16, 2012)

  • actual initialization order of member variables is not the same as the written order. Use --inconclusive and --enable=style to enable this check.
  • when first comparison is true, the 2nd comparison is always true.
  • Example: '(x>5 && x!=1)'. Use --enable=style to enable this check. we fixed many false positives and false negatives in existing checks.

New in Cppcheck 1.50 (Aug 16, 2011)

  • There was many fixes of false positives and serious problems like crashes, hangs, etc.
  • New checks:
  • Check for std::auto_ptr misuse (related to strict ownership)
  • Read array and then immediately check if the array index is within limits
  • assign pointer to int/long
  • assign bool to pointer
  • duplicate "break" statements in switch
  • matching "if" and "else if" conditions when using bitwise and
  • matching assigment and condition when using bitwise and
  • test if unsigned value is less than zero