All Versions
16
Latest Version
2.3
Avg Release Cycle
87 days
Latest Release
88 days ago

Changelog History
Page 1

  • v2.3

    December 05, 2020

    ๐Ÿ‘Œ Improved C++ parser:

    • types
    • wrong operands in ast
    • ๐Ÿ‘ better simplification of templates

    ๐Ÿ‘Œ Improved clang import, various fixes.
    ๐Ÿ‘Œ Improved value flow analysis

    ๐Ÿ›  Fixed false positives

    ๐Ÿ‘Œ Improved configuration in library files

    • boost.cfg
    • โœ… googletest.cfg
    • qt.cfg
    • ๐Ÿ windows.cfg
    • wxwidgets.cfg

    โž• Added several Misra rules:

    • 6.1
    • 6.2
    • 7.2
    • 7.4
    • 9.2
    • 10.2
    • 15.4

    โž• Added platforms:

    • elbrus e1c+
    • pic
    • pic8
    • mips
  • v2.2

    October 03, 2020

    ๐Ÿ†• New checks:

    • ๐Ÿ”’ incorrect usage of mutexes and lock guards
    • Dereference end iterator
    • Iterating a known empty container
    • outOfBounds check for iterators to containers

    โœ‚ Removed 'operator=' check that ensures reference to self is returned. That is not about safety.

    ๐Ÿ‘Œ Improved parser

    • ๐Ÿ›  various ast fixes

    ๐Ÿ“œ Clang parser

    • The Clang import feature in Cppcheck should be considered to be experimental for now. There are problems.

    ๐Ÿ‘Œ Improved bug hunting

    • variable constraints
    • handling of multidimension arrays
    • function calls, execute functions that are in same TU
    • ๐Ÿ‘Œ improved handling of containers
    • several improvements for uninitialized variables check
    • ๐Ÿ‘Œ improved analysis of for loops
    • โž• added a hash value for warnings that can be used for suppressions

    ๐Ÿ‘Œ Improved data flow

    • one more heuristic for ternary operators
    • ๐Ÿ‘Œ improved data flow for containers

    CLI:

    • ๐Ÿ›  Fixed some addon execution problems when there are spaces etc

    GUI:

    • ๐Ÿ›  Fix handling of tags
    • Exclude files

    cppcheck-htmlreport:

    • several result files can be combined into 1 output

    Suppressions:

    • comments can be added at end of suppression in suppressions file
  • v2.1

    June 13, 2020

    ๐Ÿš€ This is a minor release.

    ๐Ÿ— We have tweaked build scripts.

    • ๐Ÿ‘ When you use USE_Z3=yes, we will handle new versions of z3 better. If you have an old z3 library and get compilation problems you will need to add a z3_version.h in externals.
    • โšก๏ธ The cmake scripts was updated.

    ๐Ÿ›  There was a couple of bug fixes.

    ๐Ÿ†• New check:

    • for "expression % 1" the result is always 0.
  • v2.0

    May 10, 2020

    Overview

    ๐Ÿ’ป The command line is not changed drastically. Your old cppcheck scripts should work as before.

    Compiling: There is a new dependency Z3. When compiling with the Makefile it is highly recommended to use "USE_Z3=yes".

    ๐Ÿ‘Œ Improved clang-tidy integration

    ๐Ÿ›  Several fixes to;

    • ๐Ÿ‘Œ improve parsing
    • detect more bugs with existing checks
    • ๐Ÿ›  fix false alarms

    Clang import

    ๐Ÿ“œ Clang is a C/C++ compiler that has a very robust and well made parser.

    0๏ธโƒฃ Cppcheck will always use its internal parser by default. However there is now an option to use the Clang parser instead.

    0๏ธโƒฃ It is recommended that you use the default internal Cppcheck parser unless you notice that it fails to parse your code properly (syntax errors, strange false alarms).

    ๐Ÿ› Bug hunting

    There is a new "soundy" analysis in Cppcheck that should detect most bugs. You should expect false alarms, however the false alarms will not be overwhelming.

    This new "soundy" analysis is not intended to replace normal Cppcheck analysis. There are use cases where false alarms can not be tolerated.

    We have added 1 checker and that checks for division by zero:

    • โœ… It detects all "integer division by zero" bugs in the Juliet test suite.
    • โœ… It detects all "division by zero" bugs in the ITC test suite.
    • ๐Ÿ‘€ There was 28 division by zero CVEs published in 2019 for C/C++ open source projects, and we could quickly see that 21 of the bugs are found by Cppcheck. There is no CVE bug that we know Cppcheck fails to diagnose. But there are 7 CVEs that would require additional investigation to establish if it is really detected or not.

    You can read more about this analysis in the "Bug hunting" chapter in the manual.

  • v1.90

    December 21, 2019

    ๐Ÿ†• New check:

    • alias to vector element invalid after vector is changed

    ๐Ÿ‘Œ Improved checking:

    • ๐Ÿ‘Œ improved value flow analysis for struct members
    • ๐Ÿ‘Œ improved value flow analysis for pointer alias

    CERT:

    • โž• Added ENV33-C: Do not call system()

    MISRA:

    • โž• Added rule 2.7
    • โž• Added rule 3.2
    • โž• Added rule 4.2
    • โž• Added rule 14.2
    • โž• Added rule 21.1
    • โž• Added rule 21.12
  • v1.89

    September 01, 2019

    ๐Ÿ’ป Command line:

    • โš  The default warning message format was changed. The new format is similar to GCC. If you want to get warnings in the old format, add --template=cppcheck1 to the command line.

    Compiling:

    • From now on, use FILESDIR instead of CFGDIR to specify the path for Cppcheck data files. The readme.txt describes the available flags.

    ๐Ÿ‘Œ Improved checking:

    • ๐Ÿ‘Œ improved value flow analysis for pointer aliases
    • ๐Ÿ‘Œ improved checking for uninitialized variables/structs
    • ๐Ÿ‘ better checking of smart pointers
    • ๐Ÿ‘ better checking of global variables
    • Added Cppcheck annotations cppcheck_low (VALUE) and cppcheck_high (VALUE)
    • shadow variables; warn when argument is shadowed
    • warn if local reference variable can be const

    CERT:

    • โž• Added API01-C: Avoid laying out strings in memory directly before sensitive data
    • โž• Added MSC24-C: Do not use deprecated or obsolescent functions
    • โž• Added STR11-C: Do not specify the bound of a character array initialized with a string literal

    MISRA:

    • โž• Added rule 17.2
    • โž• Added rule 18.4
    • โž• Added rule 18.7

    GUI:

    • Minor tweaks
  • v1.88

    June 29, 2019

    ๐Ÿ†• New checks:

    • Comparing pointers that point to different objects
    • โž• Address of local variable 'x' is accessed at non-zero index
    • STL usage: unnecessary search before insertion
    • Duplicate expression for condition and assignment: if (x==3) x=3;

    โž• Added --library configuration files for:

    • cppunit
    • libcerror
    • nspr
    • opengl
    • sqlite3

    ๐Ÿ‘ Better handling of C++14 and C++17

    ๐Ÿ’ป Command line:

    • ๐Ÿ†• New command line option --addon used to run addons directly from Cppcheck.
    • Some advanced options are only available in GUI:
      • remove unused declarations in header files to speedup analysis
      • remove unused templates to speedup analysis
      • when checking visual studio project, only check 1 configuration
      • max whole-program-analysis call stack depth
        ๐Ÿ’ป To get these features in command line tool, create a GUI project file and import that on command line using --project.

    GUI:

    • ๐Ÿ‘ started implementing theme support

    ๐Ÿ‘‰ Makefile:
    ๐Ÿ— Please use MATCHCOMPILER=yes instead of SRCDIR=build when compiling to enable the match compiler.

    Cert:

    • โž• add check exp15-c
    • โž• add check str03-c
    • โž• add check str05-c
    • โž• add check str07-c

    Misra:

    • โž• Add check 17.7
    • โž• Add check 20.7
    • โž• Add check 20.10
  • v1.87

    February 09, 2019

    ๐Ÿ’ป Command line interface:

    • --project can now import Cppcheck GUI projects.

    ๐Ÿ†• New checks:

    • Condition is always true when array address is compared with 0.
    • function argument expression calculation has known result (#8830)

    ๐Ÿ‘Œ Improvements:

    • ๐Ÿ‘ Better lifetime checking (using pointer/reference that points at deleted object)
    • ๐Ÿ‘Œ Improved whole program analysis
    • ๐Ÿ‘ Better handling of language extension [email protected].
    • ๐Ÿ“œ Many improvements in parser to handle templates, type aliases, etc better

    ๐Ÿ”ง Configuration:

    • ๐Ÿ†• new configuration for boost
    • ๐Ÿ”ง much better wxwidgets configuration

    โž• Addons:

    • ๐Ÿ†• New addon for checking naming conventions. Naming conventions are configured in json file.

    ๐ŸŽ Performance:
    According to [email protected] Cppcheck-1.87 is in average 10% faster than Cppcheck-1.86.

  • v1.86

    December 08, 2018

    General:

    • ๐Ÿ›  Many fixes in the template simplifier
    • ๐Ÿ›  Several fixes in the abstract syntax tree.

    Checking improvements:

    • ๐Ÿ†• New check: passing address of char to function that expects a strz
    • ๐Ÿ†• New check: shadow variables
    • ๐Ÿ‘Œ Improved lifetime checking
    • ๐Ÿ‘Œ Improved STL iterators checking
    • ๐Ÿ‘Œ Improved data flow analysis

    ๐Ÿ†• New libraries:

    • zlib
    • โœ… googletest

    โž• Addons:

    • ๐Ÿ›  misra.py: Fixes for suppressions and exclusions
    • namingng.py: New addon to check naming conventions. Rules are specified in json file.
  • v1.85

    October 14, 2018

    General:

    • ๐Ÿ‘ We are modernizing the Cppcheck code. Support for MSVC 2010 and GCC 4.4 is dropped. You now need a compiler that is at least as good as MSVC 2013 or GCC 4.6.
    • According to "[email protected]" (http://cppcheck.osuosl.org:8000)
      • There are fewer crashes.
      • Cppcheck-1.85 is ~25% slower than Cppcheck-1.84

    Checking improvements:

    • ๐Ÿ†• New check: Suggest STL algorithms instead of hard-coded for loops
    • ๐Ÿ†• New check: Warn about ineffective algorithms (same iterator passed)
    • ๐Ÿ†• New check: Mismatching iterators used together in operators
    • Container (STL/Qt/WxWidgets/etc) access out of bounds
    • ๐Ÿ‘Œ Improved the checkers that warns about same/opposite expressions, track variable values better.
      • logical conjunctions
      • identical/opposite inner expressions
      • same expressions around operator
      • etc
    • Variable scope: warn about references also

    Graphical user interface:

    • You can specify undefines in the project file dialog
    • ๐Ÿ›  Fixed configuration of suppressions
    • ๐Ÿ Windows: Fixed issue of wrong/no theme being applied to UI elements

    Misra:

    • ๐Ÿ‘Œ support per file excludes from cppcheck
    • ๐Ÿ‘Œ support per file suppressions from cppcheck
    • summary will now summarize results for all files again
    • ๐Ÿ›  a few false positives were fixed