@danmar danmar released this Oct 14, 2018 · 49 commits to master since this release

Assets 4

General:

  • We are modernizing the Cppcheck code. Support for MSVC 2010 and GCC 4.4 is dropped. You now need a compiler that is at least as good as MSVC 2013 or GCC 4.6.
  • According to "daca@home" (http://cppcheck.osuosl.org:8000)
    • There are fewer crashes.
    • Cppcheck-1.85 is ~25% slower than Cppcheck-1.84

Checking improvements:

  • New check: Suggest STL algorithms instead of hard-coded for loops
  • New check: Warn about ineffective algorithms (same iterator passed)
  • New check: Mismatching iterators used together in operators
  • Container (STL/Qt/WxWidgets/etc) access out of bounds
  • Improved the checkers that warns about same/opposite expressions, track variable values better.
    • logical conjunctions
    • identical/opposite inner expressions
    • same expressions around operator
    • etc
  • Variable scope: warn about references also

Graphical user interface:

  • You can specify undefines in the project file dialog
  • Fixed configuration of suppressions
  • Windows: Fixed issue of wrong/no theme being applied to UI elements

Misra:

  • support per file excludes from cppcheck
  • support per file suppressions from cppcheck
  • summary will now summarize results for all files again
  • a few false positives were fixed

@danmar danmar released this Jun 12, 2018 · 577 commits to master since this release

Assets 4

New checks:

  • Same rhs expression used in consecutive assignments
  • Added more misra checkers
  • Function overrides base class function but is not marked with the override keyword

Improved checks:

  • Identical inner condition
  • Opposite expressions
  • Call to virtual function in constructor or destructor
  • Variable not initialized by private constructor
  • A class that has dynamic allocation needs copy constructor, assignment operator and destructor

Misc:

  • Various performance optimisations
  • Better support for C++17
  • --template=gcc format has been updated to match gcc output better.
  • We added a --template-location that can be used to format multiline messages.
  • Update --template so the piece of code with the warning can be shown
  • Symbol-based suppressions
  • XML based suppressions format

Addons:

  • cert.py: Attempting to cast away const
  • misc.py: String concatenation in array initialization
  • misc.py: Passing struct to ellipsis function
  • misc.py: Function overrides base class function but is not marked with the virtual keyword

Compiling: We dropped support for some old compilers. From now on you need gcc 4.6 or later / visual studio 2013 or later / other compiler with c++11 support.

@danmar danmar released this Apr 2, 2018 · 1094 commits to master since this release

Assets 4

Command line:

  • fixes in parser
  • Improved loading of platform files.

GUI:

  • few minor improvements in user interface
  • Code preview
  • Added MISRA addon integration
  • Platform can be selected in project settings
  • Fixed issue when loading xml results file

Addons:

  • We are now officially releasing our MISRA addon. So far it supports MISRA C 2012.

@danmar danmar released this Jan 14, 2018 · 1426 commits to master since this release

Assets 4

Bug fixes:

  • Better handling of namespaces
  • Fixed false positives
  • Fixed parsing of compile databases
  • Fixed parsing of visual studio projects

Enhancements

  • New check; Detect mistakes when there are multiple strcmp() in condition
    Example:

    if (strcmp(password,"A")==0 || strcmp(password,"B")==0 || strcmp(password,"C"))
    

    There is a missing '==0', and therefore this condition is always true except when password is "C".

  • New check; pointer calculation result can't be NULL unless there is overflow
    Example:

    someType **list_p = ...;
    if ((list_p + 1) == NULL)
    

    The result for '(list_p + 1)' can't be NULL unless there is overflow (UB).

  • New check; public interface of classes should be safe - detect possible division by zero
    Example:

    class Fred {
    public:
    void setValue(int mul, int div) {
      value = mul / div; // <- unsafe
    }
    ...
    

    This check does not consider how Fred::setValue() is really called.
    If you agree that the public interface of classes should always be safe; it should be allowed to call all public methods with arbitrary arguments, then this checker will be useful.

  • Fixed a few false negatives

  • More information in the cfg files

@danmar danmar released this Oct 7, 2017 · 1768 commits to master since this release

Assets 7

CPPCHECK:

  • New warning: Check if condition after an early return is overlapping and therefore always false.
  • Improved knowledge about C/C++ standard, windows, posix, wxwidgets, gnu
  • Better handling of Visual Studio projects

GUI:

  • Compile: Qt5 is now needed to build the GUI
  • Compile: New qmake flag HAVE_QCHART
  • Project: You can now run cppcheck-addons
  • Project: We have integrated clang-tidy
  • Results view: Reload last results (if cppcheck build dir is used) when GUI is started
  • Results view: Tag the warnings with custom keywords (bug/todo/not important/etc..)
  • Results view: Shows when warning first appeared (since date)
  • Results view: Suppress warnings through right-click menu
  • Statistics: Added charts (shown if Qt charts module is enabled during build)

@danmar danmar released this Jul 29, 2017 · 2204 commits to master since this release

Assets 4

Checking improvements:

  • Added platform for Atmel AVR 8 bit microcontrollers (avr8)
  • Better 'callstacks' in cppcheck messages
  • Improved gnu.cfg, posix.cfg, wxwidgets.cfg and std.cfg, added motif.cfg
  • Various improvements to AST, ValueFlow analysis and template parsing

Command line changes:

  • Deprecated command line argument --append has been removed
  • New command line argument --plist-output to create .plist files
  • New command line argument --output-file to print output to file directly
  • Check OpenCL files (.cl)

GUI:

  • Support export of statistics to PDF
  • Several small usability improvements

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

@danmar danmar released this May 13, 2017 · 2485 commits to master since this release

Assets 4

General changes:

  • C++ code in C files is rejected now (use --language=c++ to enforce checking the code as C++)
  • Write function access type to XML dump

Checking improvements:

  • Improved configuration extraction in preprocessor
  • Improved accuracy of AST
  • Improved template parsing
  • Improved support for (STL) containers in SymbolDatabase
  • Improved support for C++11's 'auto' type
  • Experimental support for uninitialized variables in ValueFlow analysis
  • Added qt.cfg and sfml.cfg, improved several existing .cfg files

GUI:

  • Use CFGDIR macro

Windows installer:

  • We have dropped support for Windows XP in the precompiled binary. It was too much work to maintain the toolset.

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

@danmar danmar released this Apr 1, 2017 · 2759 commits to master since this release

Assets 4

General changes:

  • Reduced memory usage by up to 10% by reducing size of token list

New checks:

  • Mismatching argument names between function declaration and definition
  • Detect classes which have a copy constructor but no copy operator and vice versa

Checking improvements:

  • Improved matching of overloaded functions
  • Improved ValueType analysis, especially related to allocations with "new" and C++11's "auto"
  • Improved support for C++11 brace initialization
  • Improved ValueFlow analysis
  • Improved template parsing
  • Improved detection of memory leaks
  • Improved nullpointer checking when nullptr and NULL are used
  • Detect array out of bounds across compilation units
  • Extended windows.cfg, posix.cfg and std.cfg

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

@danmar danmar released this Dec 31, 2016 · 2970 commits to master since this release

Assets 4

General changes:

  • Added flag --cppcheck-build-dir to allow incremental analysis and inter-file checking
  • Improved --project support for Visual Studio solutions

Removed checks:

New checks:

  • Detect pointer overflow
  • Detect usage of variable after std::move or std::forward

Checking improvements:

  • Warn about number and char literals in boolean expressions
  • Improved checking for variables modified but not used again
  • Libraries: Added support to specify
  • Improved ValueFlow, especially related to function return values and casts
  • Improved simplification of Null values to allow more accurate checking
  • Several improvements to windows.cfg, posix.cfg, gnu.cfg and std.cfg
  • Reimplemented check for using iterators of mismatching containers

GUI:

  • Support build directory as in CLI

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.