- update to 2.17.1:
* New checks:
- staticFunction: detect functions that should have internal
linkage since they are not used outside of their translation
unit (C code only).
- Check null pointer return from memory/resource allocation
functions (nullPointerOutOfMemory,
nullPointerArithmeticOutOfMemory, nullPointerOutOfResources,
ctunullpointerOutOfMemory,
ctunullpointerOutOfResources).
* Changed interface:
- Added `reduced` check level. It can be activated with
`--check-level=reduced`. You get faster analysis
but some fewer results. The motivation is to be able to make
analysis time "acceptable" for direct usage.
- Added `--report-type` option. Enables printing of guidelines
and classifications for several coding
standards in place of the regular error identifiers and
severities.
* Other:
- Removed deperecated support for builds via qmake.
- Using a handwritten rule texts file for MISRA C addon
violates license and copyright terms. See the
manual for instructions how to download a official rule
texts file from MISRA.
- switch to qt6
OBS-URL: https://build.opensuse.org/request/show/1248602
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=146
- update to 2.16.0
Improved checking:
* constVariable; checking multidimensional arrays
* constVariablePointer; nested array access
* deallocuse
Changed interface:
* SARIF output. Use --output-format=sarif to activate this.
* Add option --output-format=. Allowed formats are sarif and
xml.
Deprecations:
* The previously deprecated support for Python 2.7 has been
removed. Please use Python 3 instead.
* The maximum value for --max-ctu-depth is currently capped
at 10. This limitation will be removed in a future release.
Other:
* "missingInclude" is no longer implicitly enabled with
"information" - you need to enable it explicitly now.
* Fixed checkers report when --addon=misra.py or
--addon=misra.json is used.
OBS-URL: https://build.opensuse.org/request/show/1219208
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=140
- update to 2.15.0
* New check suspiciousFloatingPointCast flags unnecessary floating
point casts that cause loss of precision
* Added command-line option --cpp-header-probe (and
--no-cpp-header-probe) to probe headers and extension-less
files for Emacs marker
* Add support for 'CLICOLOR_FORCE'/'NO_COLOR' environment
variables to force/disable ANSI color output for diagnostics.
* Add "remark comments" that can be used to generate reports with
justifications for warnings
* The whole program analysis is now being executed when
"--project" is being used.
OBS-URL: https://build.opensuse.org/request/show/1198146
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=138
* Show premium autosar/misra/cert style issues even if --enable
is not used
* Better validation of --premium options
* unsafe handling of unconditional #error
* unsafe suppressions of critical errors
* missing "misra-config" warning, calling unknown function in
condition
* If --premium=safety is used then go to "safety mode". Do not
override this in cppcheck.cfg
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=124
- update to 2.13.0
* newCheck passedByValueCallback for functions which take a
parameter by value but are used as callbacks
* newCheck returnImplicitInt for C functions without return type
* newCheck iterateByValue for iterating by value in a range-based
for loop when a const reference could be used
- Drop patches werror-return-type.patch, eb076d87.patch, and
CVE-2023-39070.patch which are part of upstream or fixed in a
similar way.
OBS-URL: https://build.opensuse.org/request/show/1134958
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=122
* uselessOverride finds overriding functions that either
duplicate code from or delegate back to the base class
implementation
* knownPointerToBool finds pointer to bool conversions that are
always true or false
* truncLongCastAssignment and truncLongCastReturn check
additional types, including float/double/long double
* duplInheritedMember also reports duplicated member functions
* constParameter*/constVariable* checks find more instances of
pointers/references that can be const, e.g. when calling
library functions
* Write how many checkers was activated after a run
* Added --checkers-report that can be used to generate a report
in a file that shows what checkers was activated and disabled
* The qmake build system has been deprecated and will be
removed in a future version.
* Command-line option '--template
- update to 2.11:
* pop_back on empty container is UB
* Improve useStlAlgorithm check to handle many more conditions
in the loop for any_of, all_of and none_of algorithms
* ValueFlow can evaluate the return value of functions even
when conditionals are used
* ValueFlow will now forward the container sizes being returned
from a function
* ValueFlow can infer possible values from possible symbolic
values
* Improve valueflow after pushing to container
* The new option --check-level= has been added that controls
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=113
* Many improvements and fixes in checkers.
* New check: use memset/memcpy instead of loop
CLI:
* if the file provided via "--file-list" cannot be opened it
will now error out
* add command-line option "--disable=" to individually disable
checks
GUI:
* Detect when installed version is old. There is setting in
Edit/Preferences to turn this on.
* Fix path issue with backslashes
* Cleanup *.ctu-info files after analysis
Build:
* the deprecated Makefile option SRCDIR is no longer accepted
* added CMake option BUILD_CORE_DLL to build lib as
cppcheck-core.dll with Visual Studio
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=102
* restored check for negative allocation (new[]) and negative VLA sizes from
cppcheck 1.87 (LCppC backport)
* replaced hardcoded check for pipe() buffer size by library configuration
option (LCppC backport)
* on Windows the callstack is now being written to the output specific via
"--exception-handling"
* make it possible to disable the various exception handling parts via the
CMake options "NO_UNIX_SIGNAL_HANDLING", "NO_UNIX_BACKTRACE_SUPPORT" and
"NO_WINDOWS_SEH"
* detect more redundant calls of std::string::c_str(), std::string::substr(),
and unnecessary copies of containers
* Add a match function to addon similiar to Token::Match used internally by
cppcheck:
* | for either-or tokens(ie struct|class to match either struct or class)
* !! to negate a token
* It supports the %any%, %assign%, %comp%, %name%, %op%, %or%, %oror%, and %var% keywords
* It supports (*), {*}, [*], and <*> to match links
* @ can be added to bind the token to a name
* ** can be used to match until a token
* Add math functions which can be used in library function definition. This
enables evaluation of more math functions in ValueFlow
* Further improve lifetime analysis with this pointers
* Propagate condition values from outer function calls
* Add debug intrinsics debug_valueflow and debug_valuetype to show more
detail including source backtraces
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=98
* Lifetime analysis can now track lifetime across user-defined constructors
when they are inline and using member initializer list.
* SymbolDatabase can now deduce iterator types from how they are specified in
the library files.
* ValueFlow can evaluate class member functions that return known values.
* Improve duplicateValueTenary to not warn when used as an lvalue or when one
branch has side effects
* Fix variableScope to not warn when variables are used in lambda functions
* Fix unassignedVariable warnings when using structured bindings
* Fix redundantInitialization warning when variable is used in a lambda
* Fix variableScope warnings when using if/while init-statement
* Improve lifetime analysis when returning variadic template expressions
* Detect more statements with constStatement
* Detect variableScope for more types
* Improvements to unreadVariable
* Detect more instances of C style casts
* Warn if the return value of new is discarded
* The pre-ValueFlow uninitialized checker now uses a different ID as legacyUninitvar
* Extended library format to exclude specific function argument values
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=94
* Add support for container views. The view attribute has been added to the
<container> library tag to specify the class is a view. The lifetime
analysis has been updated to use this new attribute to find dangling
lifetime containers.
* Various checker improvements.
* Fixed false positives.
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=85
- update to 2.6.2:
* New checks in core cppcheck:
* missing return in function
* writing overlapping data, detect undefined behavior
* compared value is out of possible type range
* Copy elision optimization can't be applied for return std::move(local)
* file can not be opened for read and write access at the same
time on different streams
* Various improvements
- drop 0001-Fix-compilation-with-recent-glibc-where-SIGSTKSZ-is-.patch (upstream)
OBS-URL: https://build.opensuse.org/request/show/935858
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=83
* checked that all features in c++11, c++14, c++17 are supported
* c++20 support is improved but not complete yet
* improved library files, better knowledge about APIs
* improved checks to detect more bugs
* fixed checks to avoid unwanted warnings
* suspicious container/iterator assignment in condition
* rethrow without current handled exception
- drop 0002-Another-gcc11-fix-3179.patch, 0001-Fix-gcc11-build-errors.patch: upstream
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=81
- Update to version 2.3
Improved C++ parser:
* types
* wrong operands in ast
* better simplification of templates
Improved clang import, various fixes.
Improved value flow analysis
Fixed false positives
Improved configuration in library files
* boost.cfg
* googletest.cfg
* qt.cfg
* windows.cfg
* wxwidgets.cfg
Added several Misra rules:
* 6.1
* 6.2
* 7.2
* 7.4
* 9.2
* 10.2
* 15.4
Added platforms:
* elbrus e1c+
* pic
* pic8
* mips
- Update to version 2.2
New checks:
* incorrect usage of mutexes and lock guards
* Dereference end iterator
* Iterating a known empty container
* outOfBounds check for iterators to containers
Removed 'operator=' check that ensures reference to self is returned. That is not about safety.
Improved parser
* various ast fixes
Clang parser
* The Clang import feature in Cppcheck should be considered to be experimental for now. There are problems.
Improved bug hunting
* variable constraints
* handling of multidimension arrays
* function calls, execute functions that are in same TU
* improved handling of containers
* several improvements for uninitialized variables check
* improved analysis of for loops
* added a hash value for warnings that can be used for suppressions
Improved data flow
* one more heuristic for ternary operators
* improved data flow for containers
CLI:
* Fixed some addon execution problems when there are spaces etc
GUI:
* Fix handling of tags
* Exclude files
cppcheck-htmlreport:
* several result files can be combined into 1 output
Suppressions:
* comments can be added at end of suppression in suppressions file
OBS-URL: https://build.opensuse.org/request/show/855374
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=72
- Update to version 2.1
* We have tweaked build scripts.
* When you use USE_Z3=yes, we will handle new versions of z3 better. If you
have an old z3 library and get compilation problems you will need to add
a z3_version.h in externals.
* The cmake scripts was updated.
* There was a couple of bug fixes.
New check:
* for "expression % 1" the result is always 0.
- Run spec-cleaner
* Remove rpm groups
- Enable Z3 build flag
OBS-URL: https://build.opensuse.org/request/show/820762
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=70
- Update to version 1.90
* alias to vector element invalid after vector is changed
* improved value flow analysis for struct members
* improved value flow analysis for pointer alias
* CERT: Added ENV33-C: Do not call system()
* MISRA: added rules 2.7, 3.2, 4.2, 14.2, 21.1, 21.12
- update to version 1.89
* The default warning message format was changed. The new format
is similar to GCC. If you want to get warnings in the old
format, add --template=cppcheck1 to the command line.
* improved value flow analysis for pointer aliases
* improved checking for uninitialized variables/structs
* better checking of smart pointers
* better checking of global variables
* Added Cppcheck annotations cppcheck_low(VALUE) and
cppcheck_high(VALUE)
* shadow variables; warn when argument is shadowed
* warn if local reference variable can be const
* Added API01-C: Avoid laying out strings in memory directly
before sensitive data
* Added MSC24-C: Do not use deprecated or obsolescent functions
* Added STR11-C: Do not specify the bound of a character array
initialized with a string literal
* MISRA: added rules 17.2, 18.4, 18.7
OBS-URL: https://build.opensuse.org/request/show/781469
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=64
- Update to version 1.88:
* Comparing pointers that point to different objects
* Address of local variable 'x' is accessed at non-zero index
* STL usage: unnecessary search before insertion
* Duplicate expression for condition and assignment: if (x==3) x=3;
* Better handling of C++14 and C++17
* New command line option --addon used to run addons directly from Cppcheck.
* Some advanced options are only available in GUI:
- Update to version 1.87:
* --project can now import Cppcheck GUI projects.
* Condition is always true when array address is compared with 0.
* function argument expression calculation has known result (#8830)
* Better lifetime checking (using pointer/reference that points at deleted object)
* Improved whole program analysis
* Better handling of language extension var@address.
* Many improvements in parser to handle templates, type aliases, etc better
* New addon for checking naming conventions. Naming conventions are configured in json file.
OBS-URL: https://build.opensuse.org/request/show/712743
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=62
