Analysis

• restored check for negative allocation (new[]) and negative VLA sizes from cppcheck 1.87 (LCppC backport)
• replaced hardcoded check for pipe() buffer size by library configuration option (LCppC backport)
• on Windows the callstack is now being written to the output specific via "--exception-handling"
• make it possible to disable the various exception handling parts via the CMake options "NO_UNIX_SIGNAL_HANDLING", "NO_UNIX_BACKTRACE_SUPPORT" and "NO_WINDOWS_SEH"
• detect more redundant calls of std::string::c_str(), std::string::substr(), and unnecessary copies of containers
• Add a match function to addon similiar to Token::Match used internally by cppcheck:
  • | for either-or tokens(ie struct|class to match either struct or class)
  • !! to negate a token
  • It supports the %any%, %assign%, %comp%, %name%, %op%, %or%, %oror%, and %var% keywords
  • It supports (*), {*}, [*], and <*> to match links
  • @ can be added to bind the token to a name
  • ** can be used to match until a token
• Add math functions which can be used in library function definition. This enables evaluation of more math functions in ValueFlow
• Further improve lifetime analysis with this pointers
• Propagate condition values from outer function calls
• Add debug intrinsics debug_valueflow and debug_valuetype to show more detail including source backtraces

Cppcheck Premium

GUI: Additional options to configure the Autosar, Cert C and Misra C++ coding standards Command line: A --premium option that is used to provide premium options

• Lifetime analysis can now track lifetime across user-defined constructors when they are inline and using member initializer list.
• SymbolDatabase can now deduce iterator types from how they are specified in the library files.
• ValueFlow can evaluate class member functions that return known values.
• Improve duplicateValueTenary to not warn when used as an lvalue or when one branch has side effects
• Fix variableScope to not warn when variables are used in lambda functions
• Fix unassignedVariable warnings when using structured bindings
• Fix redundantInitialization warning when variable is used in a lambda
• Fix variableScope warnings when using if/while init-statement
• Improve lifetime analysis when returning variadic template expressions
• Detect more statements with constStatement
• Detect variableScope for more types
• Improvements to unreadVariable
• Detect more instances of C style casts
• Warn if the return value of new is discarded
• The pre-ValueFlow uninitialized checker now uses a different ID as legacyUninitvar
• Extended library format to exclude specific function argument values

Add support for container views. The view attribute has been added to the <container> library tag to specify the class is a view. The lifetime analysis has been updated to use this new attribute to find dangling lifetime containers.

Various checker improvements.

Fixed false positives.

New checks in core cppcheck:

• missing return in function
• writing overlapping data, detect undefined behavior
• compared value is out of possible type range
• [perf] Copy elision optimization can't be applied for return std::move(local)
• file can not be opened for read and write access at the same time on different streams

Various improvements:

• Color output for diagnostics are added for unix-based platforms.
• Added symbolic analysis for ValueFlow. A simple delta is used to compute the difference between two unknown variable.
• Rules using the "define" tokenlist can also match #include as well.
• Library <function> tags can now use <container> tag, so free functions that accept containers such as std::size, std::empty, std::begin, std::end, etc. can specify the yields or action for the container.
• Library <smart-pointer> tag can specify a <unique> tag for smart pointers that have unique ownership. Cppcheck now warns about dangling references to smart pointers with unique ownership.
• Fixed problems when --cppcheck-build-dir is used, that should now work better. It is recommended to use --cppcheck-build-dir to speedup Cppcheck analysis.
• htmlreport can now output author information (using git blame)
• More warnings about variables that is not const but can be const

Misra C 2012 compliance has been "completed" All Misra C 2012 rules have been implemented except 1.1 , 1.2 and 17.3. Including the rules in amendment 1 and amendment 2. The rules 1.1 and 1.2 must be checked with a compiler. The rule 17.3 can be checked by a compiler, for instance GCC.

Parser:

• various fixes
• checked that all features in c++11, c++14, c++17 are supported
• c++20 support is improved but not complete yet

Core:

• improved library files, better knowledge about APIs
• improved checks to detect more bugs
• fixed checks to avoid unwanted warnings

Changed output:

• try to use relative paths when using compile databases, if compile database is accessed with relative path
• updated XML; The file0 attribute is moved from to

Misra:

• fixed crashes and false positives

New checks:

• suspicious container/iterator assignment in condition
• rethrow without current handled exception

Fixed windows installer, a file needed by the Misra addon was missing.

Fixed false negatives and false positives

New check; Detect one definition rule violations

Various improvements:

• MISRA improvements
• ImportProject fixes
• Various bug hunting improvements
• Fixes when importing AST from clang

Improved C++ parser:

• types
• wrong operands in ast
• better simplification of templates

Improved clang import, various fixes. Improved value flow analysis

Fixed false positives

Improved configuration in library files

• boost.cfg
• googletest.cfg
• qt.cfg
• windows.cfg
• wxwidgets.cfg

Added several Misra rules:

• 6.1
• 6.2
• 7.2
• 7.4
• 9.2
• 10.2
• 15.4

Added platforms:

• elbrus e1c+
• pic
• pic8
• mips

New checks:

• incorrect usage of mutexes and lock guards
• Dereference end iterator
• Iterating a known empty container
• outOfBounds check for iterators to containers

Removed 'operator=' check that ensures reference to self is returned. That is not about safety.

Improved parser

• various ast fixes

Clang parser

• The Clang import feature in Cppcheck should be considered to be experimental for now. There are problems.

Improved bug hunting

• variable constraints
• handling of multidimension arrays
• function calls, execute functions that are in same TU
• improved handling of containers
• several improvements for uninitialized variables check
• improved analysis of for loops
• added a hash value for warnings that can be used for suppressions

Improved data flow

• one more heuristic for ternary operators
• improved data flow for containers

CLI:

• Fixed some addon execution problems when there are spaces etc

GUI:

• Fix handling of tags
• Exclude files

cppcheck-htmlreport:

• several result files can be combined into 1 output

Suppressions:

• comments can be added at end of suppression in suppressions file

This is a minor release.

We have tweaked build scripts.

• When you use USE_Z3=yes, we will handle new versions of z3 better. If you have an old z3 library and get compilation problems you will need to add a z3_version.h in externals.
• The cmake scripts was updated.

There was a couple of bug fixes.

New check:

• for "expression % 1" the result is always 0.

Overview

The command line is not changed drastically. Your old cppcheck scripts should work as before.

Compiling: There is a new dependency Z3. When compiling with the Makefile it is highly recommended to use "USE_Z3=yes".

Improved clang-tidy integration

Several fixes to;

• improve parsing
• detect more bugs with existing checks
• fix false alarms

Clang import

Clang is a C/C++ compiler that has a very robust and well made parser.

Cppcheck will always use its internal parser by default. However there is now an option to use the Clang parser instead.

It is recommended that you use the default internal Cppcheck parser unless you notice that it fails to parse your code properly (syntax errors, strange false alarms).

Bug hunting

There is a new "soundy" analysis in Cppcheck that should detect most bugs. You should expect false alarms, however the false alarms will not be overwhelming.

This new "soundy" analysis is not intended to replace normal Cppcheck analysis. There are use cases where false alarms can not be tolerated.

We have added 1 checker and that checks for division by zero:

• It detects all "integer division by zero" bugs in the Juliet test suite.
• It detects all "division by zero" bugs in the ITC test suite.
• There was 28 division by zero CVEs published in 2019 for C/C++ open source projects, and we could quickly see that 21 of the bugs are found by Cppcheck. There is no CVE bug that we know Cppcheck fails to diagnose. But there are 7 CVEs that would require additional investigation to establish if it is really detected or not.

You can read more about this analysis in the "Bug hunting" chapter in the manual.

New check:

• alias to vector element invalid after vector is changed

Improved checking:

• improved value flow analysis for struct members
• improved value flow analysis for pointer alias

CERT:

• Added ENV33-C: Do not call system()

MISRA:

• Added rule 2.7
• Added rule 3.2
• Added rule 4.2
• Added rule 14.2
• Added rule 21.1
• Added rule 21.12

Command line:

• The default warning message format was changed. The new format is similar to GCC. If you want to get warnings in the old format, add --template=cppcheck1 to the command line.

Compiling:

• From now on, use FILESDIR instead of CFGDIR to specify the path for Cppcheck data files. The readme.txt describes the available flags.

Improved checking:

• improved value flow analysis for pointer aliases
• improved checking for uninitialized variables/structs
• better checking of smart pointers
• better checking of global variables
• Added Cppcheck annotations cppcheck_low(VALUE) and cppcheck_high(VALUE)
• shadow variables; warn when argument is shadowed
• warn if local reference variable can be const

CERT:

• Added API01-C: Avoid laying out strings in memory directly before sensitive data
• Added MSC24-C: Do not use deprecated or obsolescent functions
• Added STR11-C: Do not specify the bound of a character array initialized with a string literal

MISRA:

• Added rule 17.2
• Added rule 18.4
• Added rule 18.7

GUI:

• Minor tweaks

New checks:

• Comparing pointers that point to different objects
• Address of local variable 'x' is accessed at non-zero index
• STL usage: unnecessary search before insertion
• Duplicate expression for condition and assignment: if (x==3) x=3;

Added --library configuration files for:

• cppunit
• libcerror
• nspr
• opengl
• sqlite3

Better handling of C++14 and C++17

Command line:

• New command line option --addon used to run addons directly from Cppcheck.
• Some advanced options are only available in GUI:
  • remove unused declarations in header files to speedup analysis
  • remove unused templates to speedup analysis
  • when checking visual studio project, only check 1 configuration
  • max whole-program-analysis call stack depth To get these features in command line tool, create a GUI project file and import that on command line using --project.

GUI:

• started implementing theme support

Makefile: Please use MATCHCOMPILER=yes instead of SRCDIR=build when compiling to enable the match compiler.

Cert:

• add check exp15-c
• add check str03-c
• add check str05-c
• add check str07-c

Misra:

• Add check 17.7
• Add check 20.7
• Add check 20.10

Command line interface:

• --project can now import Cppcheck GUI projects.

New checks:

• Condition is always true when array address is compared with 0.
• function argument expression calculation has known result (#8830)

Improvements:

• Better lifetime checking (using pointer/reference that points at deleted object)
• Improved whole program analysis
• Better handling of language extension var@address.
• Many improvements in parser to handle templates, type aliases, etc better

Configuration:

• new configuration for boost
• much better wxwidgets configuration

Addons:

• New addon for checking naming conventions. Naming conventions are configured in json file.

Performance: According to daca@home Cppcheck-1.87 is in average 10% faster than Cppcheck-1.86.

General:

• Many fixes in the template simplifier
• Several fixes in the abstract syntax tree.

Checking improvements:

• New check: passing address of char to function that expects a strz
• New check: shadow variables
• Improved lifetime checking
• Improved STL iterators checking
• Improved data flow analysis

New libraries:

• zlib
• googletest

Addons:

• misra.py: Fixes for suppressions and exclusions
• namingng.py: New addon to check naming conventions. Rules are specified in json file.

General:

• We are modernizing the Cppcheck code. Support for MSVC 2010 and GCC 4.4 is dropped. You now need a compiler that is at least as good as MSVC 2013 or GCC 4.6.
• According to "daca@home" (http://cppcheck.osuosl.org:8000)
  • There are fewer crashes.
  • Cppcheck-1.85 is ~25% slower than Cppcheck-1.84

Checking improvements:

• New check: Suggest STL algorithms instead of hard-coded for loops
• New check: Warn about ineffective algorithms (same iterator passed)
• New check: Mismatching iterators used together in operators
• Container (STL/Qt/WxWidgets/etc) access out of bounds
• Improved the checkers that warns about same/opposite expressions, track variable values better.
  • logical conjunctions
  • identical/opposite inner expressions
  • same expressions around operator
  • etc
• Variable scope: warn about references also

Graphical user interface:

• You can specify undefines in the project file dialog
• Fixed configuration of suppressions
• Windows: Fixed issue of wrong/no theme being applied to UI elements

Misra:

• support per file excludes from cppcheck
• support per file suppressions from cppcheck
• summary will now summarize results for all files again
• a few false positives were fixed

New checks:

• Same rhs expression used in consecutive assignments
• Added more misra checkers
• Function overrides base class function but is not marked with the override keyword

Improved checks:

• Identical inner condition
• Opposite expressions
• Call to virtual function in constructor or destructor
• Variable not initialized by private constructor
• A class that has dynamic allocation needs copy constructor, assignment operator and destructor

Misc:

• Various performance optimisations
• Better support for C++17
• --template=gcc format has been updated to match gcc output better.
• We added a --template-location that can be used to format multiline messages.
• Update --template so the piece of code with the warning can be shown
• Symbol-based suppressions
• XML based suppressions format

Addons:

• cert.py: Attempting to cast away const
• misc.py: String concatenation in array initialization
• misc.py: Passing struct to ellipsis function
• misc.py: Function overrides base class function but is not marked with the virtual keyword

Compiling: We dropped support for some old compilers. From now on you need gcc 4.6 or later / visual studio 2013 or later / other compiler with c++11 support.

Command line:

• fixes in parser
• Improved loading of platform files.

GUI:

• few minor improvements in user interface
• Code preview
• Added MISRA addon integration
• Platform can be selected in project settings
• Fixed issue when loading xml results file

Addons:

• We are now officially releasing our MISRA addon. So far it supports MISRA C 2012.

Bug fixes:

• Better handling of namespaces
• Fixed false positives
• Fixed parsing of compile databases
• Fixed parsing of visual studio projects

Enhancements

• New check; Detect mistakes when there are multiple strcmp() in condition Example:

  if (strcmp(password,"A")==0 || strcmp(password,"B")==0 || strcmp(password,"C"))
  

  There is a missing '==0', and therefore this condition is always true except when password is "C".

• New check; pointer calculation result can't be NULL unless there is overflow Example:

  someType **list_p = ...;
  if ((list_p + 1) == NULL)
  

  The result for '(list_p + 1)' can't be NULL unless there is overflow (UB).

• New check; public interface of classes should be safe - detect possible division by zero Example:

  class Fred {
  public:
  void setValue(int mul, int div) {
    value = mul / div; // <- unsafe
  }
  ...
  

  This check does not consider how Fred::setValue() is really called. If you agree that the public interface of classes should always be safe; it should be allowed to call all public methods with arbitrary arguments, then this checker will be useful.

• Fixed a few false negatives

• More information in the cfg files

CPPCHECK:

• New warning: Check if condition after an early return is overlapping and therefore always false.
• Improved knowledge about C/C++ standard, windows, posix, wxwidgets, gnu
• Better handling of Visual Studio projects

GUI:

• Compile: Qt5 is now needed to build the GUI
• Compile: New qmake flag HAVE_QCHART
• Project: You can now run cppcheck-addons
• Project: We have integrated clang-tidy
• Results view: Reload last results (if cppcheck build dir is used) when GUI is started
• Results view: Tag the warnings with custom keywords (bug/todo/not important/etc..)
• Results view: Shows when warning first appeared (since date)
• Results view: Suppress warnings through right-click menu
• Statistics: Added charts (shown if Qt charts module is enabled during build)

Checking improvements:

• Added platform for Atmel AVR 8 bit microcontrollers (avr8)
• Better 'callstacks' in cppcheck messages
• Improved gnu.cfg, posix.cfg, wxwidgets.cfg and std.cfg, added motif.cfg
• Various improvements to AST, ValueFlow analysis and template parsing

Command line changes:

• Deprecated command line argument --append has been removed
• New command line argument --plist-output to create .plist files
• New command line argument --output-file to print output to file directly
• Check OpenCL files (.cl)

GUI:

• Support export of statistics to PDF
• Several small usability improvements

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

General changes:

• C++ code in C files is rejected now (use --language=c++ to enforce checking the code as C++)
• Write function access type to XML dump

Checking improvements:

• Improved configuration extraction in preprocessor
• Improved accuracy of AST
• Improved template parsing
• Improved support for (STL) containers in SymbolDatabase
• Improved support for C++11's 'auto' type
• Experimental support for uninitialized variables in ValueFlow analysis
• Added qt.cfg and sfml.cfg, improved several existing .cfg files

GUI:

• Use CFGDIR macro

Windows installer:

• We have dropped support for Windows XP in the precompiled binary. It was too much work to maintain the toolset.

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

General changes:

• Reduced memory usage by up to 10% by reducing size of token list

New checks:

• Mismatching argument names between function declaration and definition
• Detect classes which have a copy constructor but no copy operator and vice versa

Checking improvements:

• Improved matching of overloaded functions
• Improved ValueType analysis, especially related to allocations with "new" and C++11's "auto"
• Improved support for C++11 brace initialization
• Improved ValueFlow analysis
• Improved template parsing
• Improved detection of memory leaks
• Improved nullpointer checking when nullptr and NULL are used
• Detect array out of bounds across compilation units
• Extended windows.cfg, posix.cfg and std.cfg

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

General changes:

• Added flag --cppcheck-build-dir to allow incremental analysis and inter-file checking
• Improved --project support for Visual Studio solutions

Removed checks:

New checks:

• Detect pointer overflow
• Detect usage of variable after std::move or std::forward

Checking improvements:

• Warn about number and char literals in boolean expressions
• Improved checking for variables modified but not used again
• Libraries: Added support to specify
• Improved ValueFlow, especially related to function return values and casts
• Improved simplification of Null values to allow more accurate checking
• Several improvements to windows.cfg, posix.cfg, gnu.cfg and std.cfg
• Reimplemented check for using iterators of mismatching containers

GUI:

• Support build directory as in CLI

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

Bugfix release

• avoid hang (http://trac.cppcheck.net/ticket/7753)

General changes:

• Completed CWE mapping
• Support opening project files of external build systems, including CMake and Visual Studio (CLI: --project)
• XML format version 1 is deprecated and will be removed in 1.81

Removed checks:

New checks:

Checking improvements:

• Improved checking for conditions that are always true/false
• Improved format string checking: Support more functions, support %h and %hh
• Improved std.cfg, windows.cfg and qt.cfg; added wxwidgets.cfg
• Improved ValueFlow analysis
• Improved SymbolDatabase accuracy
• Improved Preprocessor (simplecpp)
• Support base class methods in Library

GUI:

• Support opening project files from GUI
• Added .desktop file

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

General changes:

• Replaced internal preprocessor by the brand-new preprocessor 'simplecpp'
• Improved Windows installer: Install a copy of the license instead of asking to accept it
• The Windows x64 binaries are now compiled with profile guided optimization, resulting in a speedup of 11%
• Improved manual, especially the chapter about Libraries
• Improved CWE mapping
• --append is deprecated and will be removed in 1.80

New checks:

• Detect passed by value for non-const variables and print message only if type size justifies optimization

Checking improvements:

• Implemented support for trailing return types (C++11)
• Improved support for digit separators (C++14)
• Improved support for enum types in buffer overflow checking
• Better handling of volatile variables when checking for redundant assignments
• Properly support integer suffixes i64 and ui64
• Support function arguments with default value in Libraries
• Always set file0 attribute of error messages to identify the source file cppcheck was checking

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

General changes:

• Improved CWE mapping of messages
• Git pre-commit hook checks only added or modified files

Checking improvements:

• Replaced simplification of enums by keeping and parsing them in the SymbolDatabase
• Added support to Library for specifying the parameter used by allocating/deallocating functions
• Improved support for integers defined in Libraries
• Improved accuracy of ValueType analysis
• Improved accuracy of VarID assignment, especially when dealing with structs and unions
• Improved performance of VarID assignment, checking for struct member usage, buffer overrun checking and several simplifications
• Added support for lots functions to windows.cfg and posix.cfg
• Better support for operator overloads
• Detect buffer overflows when %c is used with a width
• Improved checking for sizeof() taken of wrong type
• Support char literals when checking for conditions being always true or false
• Reimplemented check for usage of boolean results used in bitwise operations based on ValueType
• Improved checking for c_str() usage

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

General changes:

• CWE mapping of messages
• Translated manual to Japanese language

Removed checks:

• Checks for variables hiding enums or typedefs have been removed

New checks:

Checking improvements:

• Improved ValueType a lot, use it in more checks
• Improved VarId support for template constructors, namespaces and references as class members
• Improved libraries, especially gnu.cfg, posix.cfg and windows.cfg
• Improved simplification of enums and templates
• Better distinguishing between possible and known null pointer dereferenciations
• Assume integers to be signed by default
• better support for __cplusplus macro in preprocessor
• Preprocessor directives for addons
• New tools: times-vs.py, reduce.py

GUI:

• Detect Geany and QtCreator
• Make statistics dialog shown when checking is finished optional

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.