Softpedia >Windows >Portable Software >Programming >Cppcheck Portable >  Changelog

Cppcheck Portable Changelog

What's new in Cppcheck Portable 2.9

Sep 1, 2022
  • restored check for negative allocation (new[]) and negative VLA sizes from cppcheck 1.87 (LCppC backport)
  • replaced hardcoded check for pipe() buffer size by library configuration option (LCppC backport)
  • on Windows the callstack is now being written to the output specific via "--exception-handling"
  • make it possible to disable the various exception handling parts via the CMake options "NO_UNIX_SIGNAL_HANDLING", "NO_UNIX_BACKTRACE_SUPPORT" and "NO_WINDOWS_SEH"
  • detect more redundant calls of std::string::c_str(), std::string::substr(), and unnecessary copies of containers
  • Add a match function to addon similiar to Token::Match used internally by cppcheck:
  • | for either-or tokens(ie struct|class to match either struct or class)
  • !! to negate a token
  • It supports the %any%, %assign%, %comp%, %name%, %op%, %or%, %oror%, and %var% keywords
  • It supports (*), {*}, [*], and <*> to match links
  • @ can be added to bind the token to a name
  • ** can be used to match until a token
  • Add math functions which can be used in library function definition. This enables evaluation of more math functions in ValueFlow
  • Further improve lifetime analysis with this pointers
  • Propagate condition values from outer function calls
  • Add debug intrinsics debug_valueflow and debug_valuetype to show more detail including source backtraces

New in Cppcheck Portable 2.8 (May 31, 2022)

  • Lifetime analysis can now track lifetime across user-defined constructors when they are inline and using member initializer list.
  • SymbolDatabase can now deduce iterator types from how they are specified in the library files.
  • ValueFlow can evaluate class member functions that return known values.
  • Improve duplicateValueTenary to not warn when used as an lvalue or when one branch has side effects
  • Fix variableScope to not warn when variables are used in lambda functions
  • Fix unassignedVariable warnings when using structured bindings
  • Fix redundantInitialization warning when variable is used in a lambda
  • Fix variableScope warnings when using if/while init-statement
  • Improve lifetime analysis when returning variadic template expressions
  • Detect more statements with constStatement
  • Detect variableScope for more types
  • Improvements to unreadVariable
  • Detect more instances of C style casts
  • Warn if the return value of new is discarded
  • The pre-ValueFlow uninitialized checker now uses a different ID as legacyUninitvar
  • Extended library format to exclude specific function argument values

New in Cppcheck Portable 2.7 (Feb 6, 2022)

  • Add support for container views. The view attribute has been added to the <container> library tag to specify the class is a view. The lifetime analysis has been updated to use this new attribute to find dangling lifetime containers.
  • Various checker improvements.
  • Fixed false positives.

New in Cppcheck Portable 2.6 (Oct 4, 2021)

  • New checks in core cppcheck:
  • missing return in function
  • writing overlapping data, detect undefined behavior
  • compared value is out of possible type range
  • perf] Copy elision optimization can't be applied for return std::move(local)
  • file can not be opened for read and write access at the same time on different streams
  • Various improvements:
  • Color output for diagnostics are added for unix-based platforms.
  • Added symbolic analysis for ValueFlow. A simple delta is used to compute the difference between two unknown variable.
  • Rules using the "define" tokenlist can also match #include as well.
  • Library <function> tags can now use <container> tag, so free functions that accept containers such as std::size, std::empty, std::begin, std::end, etc. can specify the yields or action for the container.
  • Library <smart-pointer> tag can specify a <unique> tag for smart pointers that have unique ownership. Cppcheck now warns about dangling references to smart pointers with unique ownership.
  • Fixed problems when --cppcheck-build-dir is used, that should now work better. It is recommended to use --cppcheck-build-dir to speedup Cppcheck analysis.
  • htmlreport can now output author information (using git blame)
  • More warnings about variables that is not const but can be const
  • Misra C 2012 compliance has been "completed"
  • All Misra C 2012 rules have been implemented except 1.1 , 1.2 and 17.3. Including the rules in amendment 1 and amendment 2.
  • The rules 1.1 and 1.2 must be checked with a compiler.
  • The rule 17.3 can be checked by a compiler, for instance GCC.

New in Cppcheck Portable 2.5 (Jul 21, 2021)

  • Parser:
  • various fixes
  • checked that all features in c++11, c++14, c++17 are supported
  • c++20 support is improved but not complete yet
  • Core:
  • improved library files, better knowledge about APIs
  • improved checks to detect more bugs
  • fixed checks to avoid unwanted warnings
  • Changed output:
  • try to use relative paths when using compile databases, if compile database is accessed with relative path
  • updated XML; The file0 attribute is moved from <location> to <error>... read more</error></location>

New in Cppcheck Portable 2.4.1 (Apr 10, 2021)

  • Fixed windows installer, a file needed by the Misra addon was missing.

New in Cppcheck Portable 2.4 (Mar 22, 2021)

  • Fixed false negatives and false positives
  • New check; Detect one definition rule violations
  • Various improvements:
  • MISRA improvements
  • ImportProject fixes
  • Various bug hunting improvements
  • Fixes when importing AST from clang

New in Cppcheck Portable 2.3 (Dec 7, 2020)

  • Improved C++ parser:
  • Types
  • Wrong operands in ast
  • Better simplification of templates
  • Improved clang import, various fixes.
  • Improved value flow analysis
  • Fixed false positives
  • Improved configuration in library files:
  • Boost.cfg
  • Googletest.cfg
  • Qt.cfg
  • Windows.cfg
  • Wxwidgets.cfg
  • Added several Misra rules:
  • 6.1
  • 6.2
  • 7.2
  • 7.4
  • 9.2
  • 10.2
  • 15.4
  • Added platforms:
  • Elbrus e1c+
  • Pic
  • Pic8
  • Mips

New in Cppcheck Portable 2.2 (Oct 5, 2020)

  • New checks:
  • Incorrect usage of mutexes and lock guards
  • Dereference end iterator
  • Iterating a known empty container
  • OutOfBounds check for iterators to containers
  • Removed 'operator=' check that ensures reference to self is returned. That is not about safety.
  • Improved parser:
  • Various ast fixes
  • Clang parser:
  • The Clang import feature in Cppcheck should be considered to be experimental for now. There are problems.
  • Improved bug hunting:
  • Variable constraints
  • Handling of multidimension arrays
  • Function calls, execute functions that are in same TU
  • Improved handling of containers
  • Several improvements for uninitialized variables check
  • Improved analysis of for loops
  • Added a hash value for warnings that can be used for suppressions
  • Improved data flow:
  • One more heuristic for ternary operators
  • Improved data flow for containers
  • CLI:
  • Fixed some addon execution problems when there are spaces etc
  • GUI:
  • Fix handling of tags
  • Exclude files
  • Cppcheck-htmlreport:
  • Several result files can be combined into 1 output
  • Suppressions:
  • Comments can be added at end of suppression in suppressions file

New in Cppcheck Portable 2.0 (May 11, 2020)

  • Several fixes to:
  • improve parsing
  • detect more bugs with existing checks
  • fix false alarms
  • Clang import:
  • Clang is a C/C++ compiler that has a very robust and well made parser.
  • Cppcheck will always use its internal parser by default. However there is now an option to use the Clang parser instead.
  • It is recommended that you use the default internal Cppcheck parser unless you notice that it fails to parse your code properly (syntax errors, strange false alarms).

New in Cppcheck Portable 1.89 (Oct 16, 2019)

  • Command line:
  • The default warning message format was changed. The new format is similar to GCC. If you want to get warnings in the old format, add --template=cppcheck1 to the command line.
  • Compiling:
  • From now on, use FILESDIR instead of CFGDIR to specify the path for Cppcheck data files. The readme.txt describes the available flags.
  • Improved checking:
  • Improved value flow analysis for pointer aliases
  • Improved checking for uninitialized variables/structs
  • Better checking of smart pointers
  • Better checking of global variables
  • Added Cppcheck annotations cppcheck_low(VALUE) and cppcheck_high(VALUE)
  • Shadow variables; warn when argument is shadowed
  • Warn if local reference variable can be const
  • CERT:
  • Added API01-C: Avoid laying out strings in memory directly before sensitive data
  • Added MSC24-C: Do not use deprecated or obsolescent functions
  • Added STR11-C: Do not specify the bound of a character array initialized with a string literal
  • MISRA:
  • Added rule 17.2
  • Added rule 18.4
  • Added rule 18.7
  • GUI:
  • Minor tweaks

New in Cppcheck Portable 1.88 (Aug 2, 2019)

  • Unique code analysis that detect various kinds of bugs in your code.
  • Both command line interface and graphical user interface are available.
  • Cppcheck has a strong focus on detecting undefined behaviour.
  • Features:
  • Unique code analysis that detect various kinds of bugs in your code.
  • Both command line interface and graphical user interface are available.
  • Cppcheck has a strong focus on detecting undefined behaviour.
  • Undefined behaviour:
  • Dead pointers
  • Division by zero
  • Integer overflows
  • Invalid bit shift operands
  • Invalid conversions
  • Invalid usage of STL
  • Memory management
  • Null pointer dereferences
  • Out of bounds checking
  • Uninitialized variables
  • Writing const data

New in Cppcheck Portable 1.87 (May 31, 2019)

  • Command line interface:
  • project can now import Cppcheck GUI projects.
  • New checks:
  • Condition is always true when array address is compared with 0.
  • function argument expression calculation has known result (#8830)
  • Improvements:
  • Better lifetime checking (using pointer/reference that points at deleted object)
  • Improved whole program analysis
  • Better handling of language extension var@address.
  • Many improvements in parser to handle templates, type aliases, etc better
  • Configuration:
  • new configuration for boost
  • much better wxwidgets configuration
  • Addons:
  • New addon for checking naming conventions. Naming conventions are configured in json file.
  • Performance:
  • According to daca@home Cppcheck-1.87 is in average 10% faster than Cppcheck-1.86.

New in Cppcheck Portable 1.83 (Apr 30, 2018)

  • Command line:
  • Fixes in parser
  • Improved loading of platform files.
  • GUI:
  • Few minor improvements in user interface
  • Code preview
  • Added MISRA addon integration
  • Platform can be selected in project settings
  • Fixed issue when loading xml results file
  • Addons:
  • We are now officially releasing our MISRA addon. So far it supports MISRA C 2012.

New in Cppcheck Portable 1.82 (Jan 18, 2018)

  • Bug fixes:
  • Better handling of namespaces
  • Fixed false positives
  • Fixed parsing of compile databases
  • Fixed parsing of visual studio projects
  • Enhancements:
  • New check; Detect mistakes when there are multiple strcmp() in condition
  • New check; pointer calculation result can't be NULL unless there is overflow
  • New check; public interface of classes should be safe - detect possible division by zero
  • This check does not consider how Fred::setValue() is really called. If you agree that the public interface of classes should always be safe; it should be allowed to call all public methods with arbitrary arguments, then this checker will be useful.
  • Fixed a few false negatives
  • More information in the cfg files

New in Cppcheck Portable 1.81 (Jan 18, 2018)

  • CPPCHECK:
  • New warning: Check if condition after an early return is overlapping and therefore always false.
  • Improved knowledge about C/C++ standard, windows, posix, wxwidgets, gnu
  • Better handling of Visual Studio projects
  • GUI:
  • Compile: Qt5 is now needed to build the GUI
  • Compile: New qmake flag HAVE_QCHART
  • Project: You can now run cppcheck-addons
  • Project: We have integrated clang-tidy
  • Results view: Reload last results (if cppcheck build dir is used) when GUI is started
  • Results view: Tag the warnings with custom keywords (bug/todo/not important/etc..)
  • Results view: Shows when warning first appeared (since date)
  • Results view: Suppress warnings through right-click menu
  • Statistics: Added charts (shown if Qt charts module is enabled during build)

New in Cppcheck Portable 1.80 (Sep 30, 2017)

  • Checking improvements:
  • Added platform for Atmel AVR 8 bit microcontrollers (avr8)
  • Better 'callstacks' in cppcheck messages
  • Improved gnu.cfg, posix.cfg, wxwidgets.cfg and std.cfg, added motif.cfg
  • Various improvements to AST, ValueFlow analysis and template parsing
  • Command line changes:
  • Deprecated command line argument --append has been removed
  • New command line argument --plist-output to create .plist files
  • New command line argument --output-file to print output to file directly
  • Check OpenCL files (.cl)
  • GUI:
  • Support export of statistics to PDF
  • Several small usability improvements

New in Cppcheck Portable 1.79 (Jun 5, 2017)

  • General changes:
  • C++ code in C files is rejected now (use --language=c++ to enforce checking the code as C++)
  • Write function access type to XML dump
  • Checking improvements:
  • Improved configuration extraction in preprocessor
  • Improved accuracy of AST
  • Improved template parsing
  • Improved support for (STL) containers in SymbolDatabase
  • Improved support for C++11's 'auto' type
  • Experimental support for uninitialized variables in ValueFlow analysis
  • Added qt.cfg and sfml.cfg, improved several existing .cfg files
  • GUI:
  • Use CFGDIR macro

New in Cppcheck Portable 1.78 (May 2, 2017)

  • General changes:
  • Reduced memory usage by up to 10% by reducing size of token list
  • New checks:
  • Mismatching argument names between function declaration and definition
  • Detect classes which have a copy constructor but no copy operator and vice versa
  • Checking improvements:
  • Improved matching of overloaded functions
  • Improved ValueType analysis, especially related to allocations with "new" and C++11's "auto"
  • Improved support for C++11 brace initialization
  • Improved ValueFlow analysis
  • Improved template parsing
  • Improved detection of memory leaks
  • Improved nullpointer checking when nullptr and NULL are used
  • Detect array out of bounds across compilation units
  • Extended windows.cfg, posix.cfg and std.cfg

New in Cppcheck Portable 1.76.1 (Apr 2, 2017)

  • Bugfix to avoid hang.

New in Cppcheck Portable 1.75 (Oct 18, 2016)

  • General changes:
  • Improved CWE mapping of messages
  • Git pre-commit hook checks only added or modified files
  • Replaced internal preprocessor by the brand-new preprocessor 'simplecpp'
  • Improved Windows installer: Install a copy of the license instead of asking to accept it
  • The Windows x64 binaries are now compiled with profile guided optimization, resulting in a speedup of 11%
  • Improved manual, especially the chapter about Libraries
  • Improved CWE mapping
  • append is deprecated and will be removed in 1.80
  • New checks:
  • Detect passed by value for non-const variables and print message only if type size justifies optimization
  • Checking improvements:
  • Replaced simplification of enums by keeping and parsing them in the SymbolDatabase
  • Added support to Library for specifying the parameter used by allocating/deallocating functions
  • Improved support for integers defined in Libraries
  • Improved accuracy of ValueType analysis
  • Improved accuracy of VarID assignment, especially when dealing with structs and unions
  • Improved performance of VarID assignment, checking for struct member usage, buffer overrun checking and several simplifications
  • Added support for lots functions to windows.cfg and posix.cfg
  • Better support for operator overloads
  • Detect buffer overflows when %c is used with a width
  • Improved checking for sizeof() taken of wrong type
  • Support char literals when checking for conditions being always true or false
  • Reimplemented check for usage of boolean results used in bitwise operations based on ValueType
  • Improved checking for c_str() usage
  • Implemented support for trailing return types (C++11)
  • Improved support for digit separators (C++14)
  • Improved support for enum types in buffer overflow checking
  • Better handling of volatile variables when checking for redundant assignments
  • Properly support integer suffixes i64 and ui64
  • Support function arguments with default value in Libraries
  • Always set file0 attribute of error messages to identify the source file cppcheck was checking

New in Cppcheck Portable 1.73 (Apr 23, 2016)

  • General changes:
  • CWE mapping of messages
  • Translated manual to Japanese language
  • Removed checks:
  • Checks for variables hiding enums or typedefs have been removed
  • New checks:
  • Checking improvements:
  • Improved ValueType a lot, use it in more checks
  • Improved VarId support for template constructors, namespaces and references as class members
  • Improved libraries, especially gnu.cfg, posix.cfg and windows.cfg
  • Improved simplification of enums and templates
  • Better distinguishing between possible and known null pointer dereferenciations
  • Assume integers to be signed by default
  • better support for cplusplus macro in preprocessor
  • Preprocessor directives for addons
  • New tools: times-vs.py, reduce.py
  • GUI:
  • Detect Geany and QtCreator
  • Make statistics dialog shown when checking is finished optional

New in Cppcheck Portable 1.72 (Feb 3, 2016)

  • General changes:
  • Added platform files to customize characteristics of different target platforms - Added setting to configure the default sign of integral variables and bit size of type 'char'
  • Added option -E (only preprocess the code)
  • Option --dump now outputs data for each configurations, not only the last one - Several qmake project files have been removed
  • Removed checks:
  • Check for unnecessary forward declaration has been removed
  • New checks:
  • Warn about shifting negative values
  • Detect statements with undefined execution order
  • Added a generic check to discourage usage of specific functions, replacing CheckNonReentrantFunctions and CheckObsoleteFunctions Checking
  • Improvements:
  • Several improvements to ValueFlow analysis
  • Improved ValueType handling, refactored several checks to make use of it
  • Improved memory leak checking
  • Improved Container specification in Library files, rewrote some checks based on it
  • Improved handling of character literals
  • Improved checking for non-interlocked accesses
  • Properly support types in namespace std
  • Added some validation mechanisms to avoid crashs
  • GUI:
  • Improved Library editor
  • Support "Enter" key in results tree
  • Properly detect editors on 64-Bit Windows
  • Added Japanese translation
  • Allow opening project file without extra parameter from command line Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

New in Cppcheck Portable 1.70 (Oct 29, 2015)

  • General changes:
  • New version of .cfg file format, adding support for namespaces and declaring several functions at once
  • Support building x64 installer for Windows; Both x64 and x86 builds are now provided
  • Warn about deprecated options --suppressions and --exitcode-suppressions. They will be removed in future
  • Added debugging option --debug-normal, which prints out debug output before second stage simplification
  • New checks:
  • Warn about modifying string literals
  • Detect declaration of variable length arrays with negative size
  • Warn about implicit type conversion from int to long
  • Warn about redundant code in conditions like (y || (!y && z))
  • Detect conditions with known result
  • Race condition: non-interlocked access after InterlockedDecrement()
  • Detect unused 'goto' labels
  • Removed checks:
  • Do no longer warn about a bug in scanf implementation of ancient glibc versions
  • Multifile analysis (added in 1.69) has been removed because it did not work
  • Removed ExecutionPath checker, which has been superseeded by ValueFlow analysis
  • Improvements:
  • Support hexadecimal floating point numbers (C99)
  • Support [[deprecated]] (C++14)
  • Improved handling of sizeof()
  • Improved handling of reserved keywords
  • Better handling of C declaration specifiers; support complex/_Complex (C99)
  • Better handling of ternary operator in ValueFlow analysis
  • Lots of improvements to .cfg files, especially std.cfg, which now supports namespace std
  • Improved performance and memory usage of Preprocessor
  • Improved performance of matchcompiler
  • Reduced Disk IO when ignoring paths
  • Removed several obsolete simplifications
  • Added python addons: naming.py, threadsafety.py and cert.py
  • GUI:
  • Support printing
  • Added item "Open containing folder" to context menu

New in Cppcheck Portable 1.69 (Jun 1, 2015)

  • General changes:
  • Added flag --platform=native, when it is used type sizes and behaviour of host system are used
  • Backward compatibility for Libary files is now working. Future cppcheck versions will be able to use libraries written for previous versions
  • Windows 32 bit builds now set /LARGEADDRESSAWARE, so that they can use up to 4 GiB
  • New checks:
  • Detect bad bitmask checks (usage of | where & should be used)
  • Suggest usage of "explicit" for constructors with a single parameter
  • Suggest usage of make_shared/make_unique
  • Warn about usage of malloc with auto_ptr
  • Detect redundant pointer operations like &*ptr
  • Improvements:
  • Support std::array (C++11)
  • Detect same expressions in both branches of a ternary operator
  • New -tags in libraries to configure STL (and similar) container types
  • Several improvements to ValueFlow analysis (for example support for default function arguments)
  • Improved buffer overrun and memory leak checking
  • Removed a bunch of redundant checking code
  • Removed several simplifications
  • Stronger matching of library functions
  • Lots of additions to std.cfg and posix.cfg
  • New library for Microsoft SAL (microsoft_sal.cfg)
  • Improved C++11 template parsing (">>" as closing brackets, variadic templates)
  • Added statistics to htmlreport
  • GUI:
  • Fixed language selection

New in Cppcheck Portable 1.68 (Jan 20, 2015)

  • New checks:
  • Multifile checking for buffer overruns and uninitialized variables
  • Improvements:
  • Libraries are now able to contain platform specific types
  • Improved handling of function overloads
  • Improved handling of integer literal suffixes
  • Improved stability of template parsing
  • Improved accuracy of ValueFlow analysis
  • Improved checking of pointer overflow
  • Support noexcept(false)
  • Support __attribute__((noreturn))
  • A bunch of additions to several Libraries, especially posix.cfg and qt.cfg

New in Cppcheck Portable 1.67 (Oct 29, 2014)

  • General changes:
  • Library files have now a 'format' attribute. Format version 1 is assumed by default
  • Cppcheck does no longer abort checking if unhandled characters (Non-ASCII) are found
  • New checks:
  • Check for unused return values
  • Detect shift by too many bits, signed integer overflow and dangerous sign conversion -
  • Recommend usage of expm1(), log1p(), erfc()
  • Division by sizeof() as parameter to memset/memcpy/memmove/etc. as they expect a size in bytes
  • Several new va_arg related checks:
  • Wrong parameter passed to va_start()
  • Reference passed to va_start()
  • Missing va_end()
  • Using va_list before it is opened
  • Subsequent calls to va_start/va_copy()
  • Initialization by itself in initializer list
  • Dead pointer usage when pointer alias local variable that has gone out of scope
  • Improvements:
  • Support uniform initialization syntax (C++11)
  • Much improvements to value flow analysis
  • Improved AST creation (support placement new, C++-style casts, templates, operator new[], ...)
  • Improved lambda support
  • Support GCC extension __attriute__((used)) and MSVC extension __declspec(property)
  • Better support for static member variables, inherited variables and namespaces
  • Improved typedef support where multiple variables are declared at once
  • Avoid checking code multiple times by calculating a checksum. Duplicate preprocessor configurations are eliminated by this.
  • Support C++03/C 'auto' keyword
  • HTML report: display 'verbose' message using clickable expandable divs Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

New in Cppcheck Portable 1.66 (Sep 6, 2014)

  • New checks:
  • Compare pointer with '\0'
  • Assigning boolean expression to floating point variables
  • Improvements:
  • Much improved AST
  • Much improved ValueFlow analysis
  • ValueFlow and AST now used by much more checks, improving checking accuracy and performance
  • Checking for self assignment now supports more complex expressions
  • Returning references to literals or references to calculation results is detected
  • Enhanced support for commutative operators in duplicate expression checking
  • Improved template/enum parsing
  • Much improved htmlreport
  • Definition of POD types in .cfg files
  • Definition of minsize for buffer arguments in .cfg files for buffer overflow checking
  • Fixed handling of #error: Do not report them if -f and -D are used together
  • New .cfg file for AVR platform
  • Generate xml dump of AST/ValueFlow/SymbolDatabase/TokenList if --dump is given
  • Improved performance in several cases
  • Windows Builds: Now compiled with VS2013, linked against Qt 5.3.1
  • GUI:
  • Platform settings are being saved now
  • Improved handling of (invalid) .cfg files
  • Use Win32W as default platform on Windows
  • Additionally, a large number of false positives and crashs has been fixed.

New in Cppcheck Portable 1.65 (Sep 6, 2014)

  • General changes:
  • Cppcheck requires a C++11 compiler supporting the common subset of features supported by GCC 4.4, Visual Studio 2010 and Clang 2.9
  • Problems with packaging and windows installer introduced in last release were fixed
  • Improvements:
  • Much improved support of complex combinations of function pointers, arrays and references
  • Better handling of syntax errors
  • Better detection of stack variables passed to free()
  • Much improved value flow analysis
  • More robust error detection in several checks due to usage of AST
  • Better handling of unknown Macros in function declarations
  • Allocation/Deallocation functions can be extend across different .cfg files
  • Better handling of some C++11 language features like enum class, in-class member initializers
  • Detect calling (std::)abs() with bool argument
  • New checks:
  • Check for noexcept and __attribute__((nothrow)) correctness
  • Check for unhandled exceptions when exception specifiers are used
  • Access to empty STL containers
  • Repositioning operation on a file opened in append mode
  • Find nested redundant if-statements (was experimental before)
  • Additionally, a large number of false positives and crashs has been fixed.

New in Cppcheck Portable 1.64 (Mar 3, 2014)

  • A new value flow analysis has been added. It is generic so the same analysis can be reused by various checkers - previously many checkers have had their own value flow and control flow analysis. The new value flow analysis performs context sensitive cross-function analysis. All checkers that uses this will automatically have cross-function context sensitive value flow analysis. The new analysis is gradually introduced in the checkers - the old analysis in a checker is kept until it is redundant. The new value flow analysis is so far used to detect:
  • division by zero
  • null pointer dereference
  • array index out of bounds
  • invalid function argument
  • Other Improvements:
  • Improved configurations for gtk, posix, sdl, std, windows
  • Warn when using negative allocation size
  • Check 2nd parameter for memset

New in Cppcheck Portable 1.63.1 (Feb 21, 2014)

  • New check:
  • Using pointer addition result in condition 'if (p+1)' - either a dereference is forgotten or it depends on UB (the result is only 0 if there is overflow, which is UB).
  • Improved checks:
  • Leaks - ignoring return value of allocation function
  • Uninitialized vars - check how uninitialized malloc data is used
  • Rewritten 'calculation in sizeof' using syntax tree
  • Rewritten 'clarify calculation' using syntax tree
  • Rewritten 'logical disjunction' using syntax tree
  • Rewritten 'duplicate expressions' using syntax tree
  • Rewritten 'invalidFunctionUsage' that uses the *.cfg files
  • GUI:
  • Library files can be enabled in the project dialog
  • Suppressions can be specified in the project dialog
  • Other:
  • Cppcheck is now continuosly scanning all the source code in the debian archive.
  • Fixes of templates handling, hangs, crashes and false positives

New in Cppcheck Portable 1.62 (Oct 28, 2013)

  • New checks:
  • Divide with variable and then compare to see if variable is 0
  • uplicated inherited member
  • Improved checking:
  • handling of >> in templates
  • format string checking
  • comparing bool result with integer
  • standard isgreater()/islower() functions
  • standard math functions
  • reassigning struct members
  • Htmlreport:
  • xml-version 2 is now handled

New in Cppcheck Portable 1.61 (Oct 28, 2013)

  • New checks:
  • arithmetical usage of inf/nan result
  • suspicious usage of comma in return statement
  • sizeof(void)
  • Improved checking:
  • better simplification of strlen
  • improved handling of array member variables 'x[y].z..'
  • Specific improvements in checks for buffer overruns, format strings, uninitialized variables
  • Command line:
  • Using both --max-configs and -D. Normally when -D is used, Cppcheck will only check the given configuration. By using --max-configs also, you can tell Cppcheck to check more configurations.
  • Added --library and --check-library.
  • Graphical user interface:
  • Somewhat improved response when stopping checking
  • Cppcheck core:
  • Extending checking with configuration files. Cppcheck has internal knowledge for standard C/C++ functions. Knowledge for libraries and environments can be specified using configuration files.
  • Rules: added that allow you to check 'raw' code and 'normal' code. In the 'raw' code, the comments and #include are already taken care of, but the #define statements can be analysed.

New in Cppcheck Portable 1.60.1 (Jun 10, 2013)

  • Bug fix in compiled patterns

New in Cppcheck Portable 1.59 (Apr 10, 2013)

  • Commandline/Settings changes:
  • New option to enable warnings but not style messages: --enable=warning
  • Cppcheck used to skip includes where the header filename is enclosed in . You can now include these headers also by using -I. It is still not required to include these headers so feel free to try it and then include the headers that give you the best results. The biggest problem with including many headers is that analysis gets slow.
  • New checks:
  • New POSIX checks: pipe() buffer size, redundant calls of set/get user id, too big value passed to usleep(), buffer overflow when using write()
  • Storing getc() return value in char variable and comparing to EOF.
  • Detect redundant bitand operations
  • Find suspicious equality comparisons like: if(a == 0) a == 1;
  • Warn about using malloc() for classes containing virtual methods, std::-objects or constructors
  • Portability check that warns when using NULL as argument to variadic function. It has undefined behavior on some implementations.
  • Improvements:
  • Improved lookup for functions and types
  • Switched to TinyXml2 as XML library
  • Improved checking for uninitialized struct members, variable scopes that can be reduced and unused functions
  • GUI:
  • Remember last path in open file dialog
  • Added command line parameter to open a results file
  • Bug in statistic calculation fixed Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

New in Cppcheck Portable 1.56 (Oct 16, 2012)

  • Commandline/Settings changes:
  • Code is considered to be C++11 or C11 compatible by default, added new standards to --std= option: c89, c11, c++03
  • '--inconclusive' has been made "official" and shown in help dialog
  • Improvements:
  • Uninstantiated templates are no longer removed from token list
  • Support 'using namespace std;' - 'std ::' added to C++ standard library types when 'using namespace std;' is found
  • Several error messages have been improved to be more understandable and consistent
  • Checking of pre-processor configurations that are considered invalid, because the macro used in #if is also used in the code, is now skipped.
  • New checks:
  • Detect incomplete array fill with memcpy/memset/memmove (inconclusive check)
  • Detect ineffective statememts like '*foo++;'
  • Check for negative right operand passed to shift operator
  • Detect comparison of char* variable with string literal
  • Check for return value of std::remove() and container.empty() being used
  • Detect member functions that can be declared static
  • Detect const variables that can be made a const reference
  • GUI:
  • Korean translation added
  • Additionally, lots of false positives have been fixed and several existing checks have been improved.

New in Cppcheck Portable 1.55 (Oct 16, 2012)

  • Cppcheck can now analyze source files that are UTF-16 encoded Faster checking. Some projects, for instance sqlite, is much quicker now. T
  • he difference when checking other projects is not big.
  • Removed deprecated command line options -s, --style, -a, --all, --auto-dealloc, --test-2-pass.
  • Improved C code analysis.
  • Better analysis of unknown types etc.
  • New check: comparison of modulo results that are always true/false. For instance: if (x % 5 == 5)
  • Improved checks to detect more bugs:
  • improved array index out of bounds
  • improved double deallocation
  • delete non-dynamic memory
  • missing break in switch
  • member variable not initialized
  • improved checking of format string parameters
  • improved 64-bit portability when returning pointer/int

New in Cppcheck Portable 1.54 (Oct 16, 2012)

  • Command line:
  • Added --relative-path
  • Improved checks to detect more bugs:
  • improved checking for buffer overruns on dynamically allocated memory (#3569)
  • when variable is compared against a value in condition, the variable value is known in the conditional block.
  • null pointer checking
  • handle more standard functions and improved checking of loops
  • more standard functions are checked
  • improved checking of loops
  • dangerous conditions
  • detect more bugs related to std::find and string::find usage
  • detect more sign extension problems
  • detect redundant .c_str() for strings
  • invalid pointer cast from float* to double*
  • more strict about int vs. bool
  • Preprocessor: extract more configurations => more code is checked
  • Unused functions
  • fixed false negatives for functions that returns reference
  • Better checking of sizeof * Improved "unused private function" checking
  • GUI:
  • Faster recheck: The "Recheck files" only rechecks the files that has been modified since the last scan

New in Cppcheck Portable 1.53 (Oct 16, 2012)

  • We have fixed many problems such as false positives, segmentation faults, etc.
  • We improved existing checks to detect more errors:
  • type checking for format string parameters
  • uninitialized variables
  • bad std::string usage
  • buffer overflow checking
  • iterator used on different containers
  • doublefree of pointer
  • null pointers
  • bad usage of isdigit/isgraph/isalpha/etc
  • wrong usage of std::find
  • more deprecated functions

New in Cppcheck Portable 1.52 (Oct 16, 2012)

  • wrong value passed to isgraph
  • missuse of std::cout
  • some warnings when sizeof is used on pointer variable
  • endless loop because of unsigned comparison
  • better check for missing break in switch (redundant strcpy)
  • using && instead of & in expression
  • wrong usage of printf/scanf/etc (format string and parameters mismatch)
  • useless calls of STL functions (wrong usage)
  • detect suspicious use of semicolon after if/for/while (--inconclusive)
  • added checking of readlink() usage
  • boolean comparison with string literals