Upstream changelog
==================
Cppcheck-1.76.1 has been released.
It has a bugfix to avoid hang.
Cppcheck-1.76 has been released.
General changes:
- Completed CWE mapping
- Support opening project files of external build systems, including CMake and Visual Studio (CLI: --project)
- XML format version 1 is deprecated and will be removed in 1.81
Removed checks:
New checks:
Checking improvements:
- Improved checking for conditions that are always true/false
- Improved format string checking: Support more functions, support %h and %hh
- Improved std.cfg, windows.cfg and qt.cfg; added wxwidgets.cfg
- Improved ValueFlow analysis
- Improved SymbolDatabase accuracy
- Improved Preprocessor (simplecpp)
- Support base class methods in Library
GUI:
- Support opening project files from GUI
- Added .desktop file
Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.
pkgsrc change: switch from qt4 to qt5 for GUI option.
Cppcheck-1.75 has been released
General changes:
- Replaced internal preprocessor by the brand-new preprocessor 'simplecpp'
- Improved Windows installer: Install a copy of the license instead of asking to accept it
- The Windows x64 binaries are now compiled with profile guided optimization, resulting in a speedup of 11%
- Improved manual, especially the chapter about Libraries
- Improved CWE mapping
- --append is deprecated and will be removed in 1.80
New checks:
- Detect passed by value for non-const variables and print message only if type size justifies optimization
Checking improvements:
- Implemented support for trailing return types (C++11)
- Improved support for digit separators (C++14)
- Improved support for enum types in buffer overflow checking
- Better handling of volatile variables when checking for redundant assignments
- Properly support integer suffixes i64 and ui64
- Support function arguments with default value in Libraries
- Always set file0 attribute of error messages to identify the source file cppcheck was checking
Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.
Cppcheck-1.74 has been released
General changes:
- Improved CWE mapping of messages
- Git pre-commit hook checks only added or modified files
Checking improvements:
- Replaced simplification of enums by keeping and parsing them in the SymbolDatabase
- Added support to Library for specifying the parameter used by allocating/deallocating functions
- Improved support for integers defined in Libraries
- Improved accuracy of ValueType analysis
- Improved accuracy of VarID assignment, especially when dealing with structs and unions
- Improved performance of VarID assignment, checking for struct member usage, buffer overrun checking and several simplifications
- Added support for lots functions to windows.cfg and posix.cfg
- Better support for operator overloads
- Detect buffer overflows when %c is used with a width
- Improved checking for sizeof() taken of wrong type
- Support char literals when checking for conditions being always true or false
- Reimplemented check for usage of boolean results used in bitwise operations based on ValueType
- Improved checking for c_str() usage
Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.
Cppcheck-1.73 has been released
General changes:
- CWE mapping of messages
- Translated manual to Japanese language
Removed checks:
- Checks for variables hiding enums or typedefs have been removed
New checks:
Checking improvements:
- Improved ValueType a lot, use it in more checks
- Improved VarId support for template constructors, namespaces and references as class members
- Improved libraries, especially gnu.cfg, posix.cfg and windows.cfg
- Improved simplification of enums and templates
- Better distinguishing between possible and known null pointer dereferenciations
- Assume integers to be signed by default
- better support for cplusplus macro in preprocessor
- Preprocessor directives for addons
- New tools: times-vs.py, reduce.py
GUI:
- Detect Geany and QtCreator
- Make statistics dialog shown when checking is finished optional
Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.
Cppcheck-1.72 has been released.
General changes:
- Added platform files to customize characteristics of different target platforms
- Added setting to configure the default sign of integral variables and bit size of type 'char'
- Added option -E (only preprocess the code)
- Option --dump now outputs data for each configurations, not only the last one
- Several qmake project files have been removed
Removed checks:
- Check for unnecessary forward declaration has been removed
New checks:
- Warn about shifting negative values
- Detect statements with undefined execution order (pre-C++11 code)
- Added a generic check to discourage usage of specific functions, replacing CheckNonReentrantFunctions and CheckObsoleteFunctions
Checking improvements:
- Several improvmenets to ValueFlow analysis
- Improved ValueType handling, refactored several checks to make use of it
- Improved memory leak checking
- Improved Container specification in Library files, rewrote some checks based on it
- Improved handling of character literals
- Improved checking for non-interlocked accesses
- Properly support <cstdint> types in namespace std
- Added some validation mechamisms to avoid crashs
GUI:
- Improved Library editor
- Support "Enter" key in results tree
- Properly detect editors on 64-Bit Windows
- Added Japanese translation
- Allow opening project file without extra parameter from command line
Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.
Cppcheck-1.71 has been released
General changes:
- The deprecated options --suppressions and --exitcode-suppressions have been removed
- .hh and .hxx files are now treated as C++ files
- Improved documentation (readmes and manuals)
- Internal errors (for example syntax error) are now suppressable
Removed checks:
- Check for unnecessary qualification has been removed
Checking improvements:
- Support range-based for-loops (C++11)
- Better support for C++11 style initialization
- Better support for lambdas (C++11)
- Support digit separators (C++14)
- Added determination of the type of an expression (ValueType)
- Support case ranges (GCC extension)
- Improved AST generation and added validation
- Improved value flow analysis
- Improved checking for unitialized arrays
- Improved VarId assignment for member variables
- Rewrote checking of char variables
- Known variable simplification has been removed partially in favour of value flow analysis
GUI:
- Added library editor
- Improved display of inconclusive messages
- Added option to enforce parsing as C or C++ code
- Show file that included a header in details view
- Added "Recheck all files" button, "Recheck files " renamed to "Rechecked modified files"
Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.
Cppcheck-1.70 has been released
General changes:
- New version of .cfg file format, adding support for namespaces and declaring several functions at once
- Support building x64 installer for Windows; Both x64 and x86 builds are now provided
- Warn about deprecated options --suppressions and --exitcode-suppressions. They will be removed in future
- Added debugging option --debug-normal, which prints out debug output before second stage simplification
New checks:
- Warn about modifying string literals
- Detect declaration of variable length arrays with negative size
- Warn about implicit type conversion from int to long
- Warn about redundant code in conditions like (y || (!y && z))
- Detect conditions with known result
- Race condition: non-interlocked access after InterlockedDecrement()
- Detect unused 'goto' labels
Removed checks:
- Do no longer warn about a bug in scanf implementation of ancient glibc versions
- Multifile analysis (added in 1.69) has been removed because it did not work
- Removed ExecutionPath checker, which has been superseeded by ValueFlow analysis
Improvements:
- Support hexadecimal floating point numbers (C99)
- Support [[deprecated]] (C++14)
- Improved handling of sizeof()
- Improved handling of reserved keywords
- Better handling of C declaration specifiers; support complex/_Complex (C99)
- Better handling of ternary operator in ValueFlow analysis
- Lots of improvements to .cfg files, especially std.cfg, which now supports namespace std
- Improved performance and memory usage of Preprocessor
- Improved performance of matchcompiler
- Reduced Disk IO when ignoring paths
- Removed several obsolete simplifications
- Added python addons: naming.py, threadsafety.py and cert.py
GUI:
- Support printing
- Added item "Open containing folder" to context menu
Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.
General changes:
- Added flag --platform=native, when it is used type sizes and behaviour of
host system are used
- Backward compatibility for Libary files is now working. Future cppcheck
versions will be able to use libraries written for previous versions
- Windows 32 bit builds now set /LARGEADDRESSAWARE, so that they can use up to
4 GiB
New checks:
- Detect bad bitmask checks (usage of | where & should be used)
- Suggest usage of "explicit" for constructors with a single parameter
- Suggest usage of make_shared/make_unique
- Warn about usage of malloc with auto_ptr
- Detect redundant pointer operations like &*ptr
Improvements:
- Support std::array (C++11)
- Detect same expressions in both branches of a ternary operator
- New <container>-tags in libraries to configure STL (and similar) container
types
- Several improvements to ValueFlow analysis (for example support for default
function arguments)
- Improved buffer overrun and memory leak checking
- Removed a bunch of redundant checking code
- Removed several simplifications
- Stronger matching of library functions
- Lots of additions to std.cfg and posix.cfg
- New library for Microsoft SAL (microsoft_sal.cfg)
- Improved C++11 template parsing (">>" as closing brackets, variadic
templates)
- Added statistics to htmlreport
GUI:
- Fixed language selection
Additionally, lots of false positives and bugs have been fixed and several
existing checks have been improved.
Cppcheck-1.66 has been released.
New checks:
- Compare pointer with '\0'
- Assigning boolean expression to floating point variables
Improvements:
- Much improved AST
- Much improved ValueFlow analysis
- ValueFlow and AST now used by much more checks, improving checking
accuracy and performance
- Checking for self assignment now supports more complex expressions
- Returning references to literals or references to calculation
results is detected
- Enhanced support for commutative operators in duplicate expression
checking
- Improved template/enum parsing
- Much improved htmlreport
- Definition of POD types in .cfg files
- Definition of minsize for buffer arguments in .cfg files for
buffer overflow checking
- Fixed handling of #error: Do not report them if -f and -D are
used together
- New .cfg file for AVR platform
- Generate xml dump of AST/ValueFlow/SymbolDatabase/TokenList if
--dump is given
- Improved performance in several cases
- Windows Builds: Now compiled with VS2013, linked against Qt 5.3.1
GUI:
- Platform settings are being saved now
- Improved handling of (invalid) .cfg files
- Use Win32W as default platform on Windows
Additionally, a large number of false positives and crashs has been
fixed.
Cppcheck-1.65 has been released.
General changes:
Cppcheck requires a C++11 compiler supporting the common subset
of features supported by GCC 4.4, Visual Studio 2010 and Clang
2.9
Problems with packaging and windows installer introduced in
last release were fixed
Improvements:
Much improved support of complex combinations of function
pointers, arrays and references
Better handling of syntax errors
Better detection of stack variables passed to free()
Much improved value flow analysis
More robust error detection in several checks due to usage of
AST
Better handling of unknown Macros in function declarations
Allocation/Deallocation functions can be extend across different
.cfg files
Better handling of some C++11 language features like enum class,
in-class member initializers
Detect calling (std::)abs() with bool argument
New checks:
Check for noexcept and __attribute__((nothrow)) correctness
Check for unhandled exceptions when exception specifiers are
used
Access to empty STL containers
Repositioning operation on a file opened in append mode
Find nested redundant if-statements (was experimental before)
Additionally, a large number of false positives and crashs has been
fixed.
cppcheck-1.64 has been released.
Value Flow
A new value flow analysis has been added. It is generic so the same
analysis can be reused by various checkers - previously many checkers
have had their own value flow and control flow analysis. The new
value flow analysis performs context sensitive cross-function
analysis. All checkers that uses this will automatically have
cross-function context sensitive value flow analysis. The new
analysis is gradually introduced in the checkers - the old analysis
in a checker is kept until it is redundant.
The new value flow analysis is so far used to detect:
division by zero
null pointer dereference
array index out of bounds
invalid function argument
Other Improvements
Improved configurations for gtk, posix, sdl, std, windows
Warn when using negative allocation size
Check 2nd parameter for memset
Cppcheck-1.63 has been released.
Maintainers:
The .cfg files are needed by cppcheck. Either put them in a subfolder
cfg
where the binary is. Otherwise compile cppcheck with CFGDIR to
specify an
arbitrary path where you put the .cfg files.
New check:
* Using pointer addition result in condition 'if (p+1)' - either
a dereference
is forgotten or it depends on UB (the result is only 0 if there is
overflow,
which is UB).
Improved checks:
* Leaks - ignoring return value of allocation function
* Uninitialized vars - check how uninitialized malloc data is used
* Rewritten 'calculation in sizeof' using syntax tree
* Rewritten 'clarify calculation' using syntax tree
* Rewritten 'logical disjunction' using syntax tree
* Rewritten 'duplicate expressions' using syntax tree
* Rewritten 'invalidFunctionUsage' that uses the *.cfg files
GUI:
* Library files can be enabled in the project dialog
* Suppressions can be specified in the project dialog
Other:
* Cppcheck is now continuosly scanning all the source code in the
debian archive.
Results: http://cppcheck.sourceforge.net/devinfo/daca2-report/daca2.html
* Fixes of templates handling, hangs, crashes and false positives
cppcheck-1.62
New checks
* Divide with variable and then compare to see if variable is 0
* Duplicated inherited member
Improved checking:
* handling of >> in templates
* format string checking
* comparing bool result with integer
* standard isgreater()/islower() functions
* standard math functions
* reassigning struct members
Htmlreport
xml-version 2 is now handled
New checks:
* arithmetical usage of inf/nan result
* suspicious usage of comma in return statement
* sizeof(void)
Improved checking:
* better simplification of strlen
* improved handling of array member variables 'x[y].z..'
* Specific improvements in checks for buffer overruns, format
strings, uninitialized variables
Command line:
* Using both --max-configs and -D. Normally when -D is used, Cppcheck
will only check the given configuration. By using --max-configs
also, you can tell Cppcheck to check more configurations.
* Added --library and --check-library.
Graphical user interface:
* Somewhat improved response when stopping checking
Cppcheck core:
* Extending checking with configuration files. Cppcheck has internal
knowledge for standard C/C++ functions. Knowledge for libraries
and environments can be specified using configuration files.
* Rules: added <tokenlist> that allow you to check 'raw' code and
'normal' code. In the 'raw' code, the comments and #include are
already taken care of, but the #define statements can be analysed.
Commandline/Settings changes:
* New option to enable warnings but not style messages: --enable=warning
* Cppcheck used to skip includes where the header filename is enclosed in <>. You can now include these headers also by using -I. It is still not required to include these headers so feel free to try it and then include the headers that give you the best results. The biggest problem with including many headers is that analysis gets slow.
New checks:
* New POSIX checks: pipe() buffer size, redundant calls of set/get user id, too big value passed to usleep(), buffer overflow when using write()
* Storing getc() return value in char variable and comparing to EOF.
* Detect redundant bitand operations
* Find suspicious equality comparisons like: if(a == 0) a == 1;
* Warn about using malloc() for classes containing virtual methods, std::-objects or constructors
* Portability check that warns when using NULL as argument to variadic function. It has undefined behaviour on some implementations.
Improvements:
* Improved lookup for functions and types
* Switched to TinyXml2 as XML library
* Improved checking for uninitialized struct members, variable scopes that can be reduced and unused functions
GUI:
* Remember last path in open file dialog
* Added command line parameter to open a results file
* Bug in statistic calculation fixed
Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.
cppcheck is a tool for static C/C++ code analysis intended to
complement the checking of the compiler. It checks for memory
leaks, mismatching allocation-deallocation, buffer overrun, unused
functions, coding style, and much more.
kamil
wiz
bsiegert
adam
reed