SHA256
1
0
forked from pool/cppcheck
cppcheck/cppcheck.changes

1141 lines
44 KiB
Plaintext
Raw Normal View History

-------------------------------------------------------------------
Sat Jun 22 14:37:43 UTC 2024 - Christoph G <foss@grueninger.de>
- update to 2.14.2
* Justifications for warnings using comments in the code
* Fix alignas handling
-------------------------------------------------------------------
Mon May 27 07:17:31 UTC 2024 - Christoph G <foss@grueninger.de>
- update to 2.14.1
* Build: fix USE_MATCHCOMPILER CMake option validation
* Improve Checking: implement evaluation order checker for c++11
and later
-------------------------------------------------------------------
Fri Apr 26 20:39:37 UTC 2024 - Christoph G <foss@grueninger.de>
- update to 2.14.0
* New checks:
- eraseIteratorOutOfBounds: warns when erase() is called on an
iterator that is out of bounds
- returnByReference: warns when a large class member is returned
by value from a getter function
-------------------------------------------------------------------
Sun Mar 24 17:19:47 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 2.13.4:
* Speedup premium misra checking
-------------------------------------------------------------------
Mon Feb 5 09:43:34 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 2.13.3:
* settings.cpp: Update autosar+cert+misra checkers mappings
* Fix #12389 (GUI: premiumaddon is not executed properly anymore)
-------------------------------------------------------------------
Fri Jan 26 09:06:48 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 2.13.2:
* Fix premium version check
* Fix 12375
-------------------------------------------------------------------
Mon Jan 22 09:54:31 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 2.13.1:
* Show premium autosar/misra/cert style issues even if --enable
is not used
* Better validation of --premium options
* unsafe handling of unconditional #error
* unsafe suppressions of critical errors
* missing "misra-config" warning, calling unknown function in
condition
* If --premium=safety is used then go to "safety mode". Do not
override this in cppcheck.cfg
-------------------------------------------------------------------
Sun Dec 24 06:43:54 UTC 2023 - Christoph G <foss@grueninger.de>
- update to 2.13.0
* newCheck passedByValueCallback for functions which take a
parameter by value but are used as callbacks
* newCheck returnImplicitInt for C functions without return type
* newCheck iterateByValue for iterating by value in a range-based
for loop when a const reference could be used
- Drop patches werror-return-type.patch, eb076d87.patch, and
CVE-2023-39070.patch which are part of upstream or fixed in a
similar way.
-------------------------------------------------------------------
Wed Dec 20 23:14:07 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add CVE-2023-39070.patch (CVE-2023-39070, bsc#1215233)
-------------------------------------------------------------------
Thu Nov 9 10:21:24 UTC 2023 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Replace disable-some-tests-about-char-signedness.patch with
upstream patch to fix tests on non-x86_64 (such as aarch64):
* eb076d87.patch
-------------------------------------------------------------------
Tue Sep 19 14:21:21 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2.12.1:
* Support importing projects with project-name
-------------------------------------------------------------------
Thu Sep 14 11:18:59 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2.12.0:
* uselessOverride finds overriding functions that either
duplicate code from or delegate back to the base class
implementation
* knownPointerToBool finds pointer to bool conversions that are
always true or false
* truncLongCastAssignment and truncLongCastReturn check
additional types, including float/double/long double
* duplInheritedMember also reports duplicated member functions
* constParameter*/constVariable* checks find more instances of
pointers/references that can be const, e.g. when calling
library functions
* Write how many checkers was activated after a run
* Added --checkers-report that can be used to generate a report
in a file that shows what checkers was activated and disabled
* The qmake build system has been deprecated and will be
removed in a future version.
* Command-line option '--template
- update to 2.11:
* pop_back on empty container is UB
* Improve useStlAlgorithm check to handle many more conditions
in the loop for any_of, all_of and none_of algorithms
* ValueFlow can evaluate the return value of functions even
when conditionals are used
* ValueFlow will now forward the container sizes being returned
from a function
* ValueFlow can infer possible values from possible symbolic
values
* Improve valueflow after pushing to container
* The new option --check-level= has been added that controls
how much checking is made by Cppcheck. The default checking
level is "normal". If you feel that you can wait longer on
results you can use --check-level=exhaustive.
* It is no longer necessary to run "--check-config" to get
detailed "missingInclude" and "missingIncludeSystem"
messages. They will always be issued in the regular analysis
if "missingInclude" is enabled.
* "missingInclude" and "missingIncludeSystem" are reported with
"-j" is > 1 and processes are used in the backend (default in
non-Windows binaries)
* "missingInclude" and "missingIncludeSystem" will now cause
the "--error-exitcode" to be applied
* "--enable=information" will no longer implicitly enable
"missingInclude" starting with 2.16. Please enable it
explicitly if you require it.
* The `constParameter` and `constVariable` checks have been
split into 3 different IDs based on if the variable is a
pointer, a reference, or local. The different IDs will allow
users to suppress different const warning based on variable
type.
* `constParameter`
* `constParameterReference`
* `constParameterPointer`
* `constVariable`
* `constVariableReference`
* `constVariablePointer`
* More command-line parameters will now check if the given
integer argument is actually valid. Several other internal
string-to-integer conversions will now be error checked.
* scanning projects (with -j1) will now defer the analysis of
markup files until the whole code was processed
- add werror-return-type.patch to fix false warnings where
gcc can not properly detect the "noreturn" nature of the function
-------------------------------------------------------------------
Tue May 30 10:57:47 UTC 2023 - Manfred Schwarb <manfred99@gmx.ch>
- test suite quirks:
* Add patch disable-some-tests-about-char-signedness.patch, taken
from Debian, to disable test "TestCondition::alwaysTrueContainer"
which fails on "unsigned char" archs (arm, ppc)
* Run test suite with "-j1", as TestProcessExecutor test is flaky otherwise
-------------------------------------------------------------------
Wed Mar 29 12:13:06 UTC 2023 - Dirk Müller <dmueller@suse.com>
- switch on Tumbleweed temporarily to gcc 12 to avoid
"allocator_traits<A>::rebind_alloc<A::value_type> must be A"
(as mentioned on https://gcc.gnu.org/gcc-13/porting_to.html)
-------------------------------------------------------------------
Wed Mar 15 20:23:58 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2.10.3:
* SymbolDatabase: Fix handling of function pointer arguments
-------------------------------------------------------------------
Mon Feb 27 21:39:54 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2.10.2:
* GUI: Set proper title for compliance report dialog
* GUI: Generate compliance report
* Tokenizer: tweaked simplification of function pointers
-------------------------------------------------------------------
Tue Jan 31 18:24:47 UTC 2023 - PragmaticLinux <info@pragmaticlinux.com>
- install files from the addons/ and platforms/ directories - boo#1207806
- correct shebang fix for htmlreport/cppcheck-htmlreport
-------------------------------------------------------------------
Mon Jan 30 12:07:50 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2.10.0:
* Many improvements and fixes in checkers.
* New check: use memset/memcpy instead of loop
CLI:
* if the file provided via "--file-list" cannot be opened it
will now error out
* add command-line option "--disable=" to individually disable
checks
GUI:
* Detect when installed version is old. There is setting in
Edit/Preferences to turn this on.
* Fix path issue with backslashes
* Cleanup *.ctu-info files after analysis
Build:
* the deprecated Makefile option SRCDIR is no longer accepted
* added CMake option BUILD_CORE_DLL to build lib as
cppcheck-core.dll with Visual Studio
-------------------------------------------------------------------
Wed Dec 7 22:39:58 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.9.3:
* various GUI and premium feature handling bugfixes
-------------------------------------------------------------------
Sat Sep 17 16:28:54 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.9:
* restored check for negative allocation (new[]) and negative VLA sizes from
cppcheck 1.87 (LCppC backport)
* replaced hardcoded check for pipe() buffer size by library configuration
option (LCppC backport)
* on Windows the callstack is now being written to the output specific via
"--exception-handling"
* make it possible to disable the various exception handling parts via the
CMake options "NO_UNIX_SIGNAL_HANDLING", "NO_UNIX_BACKTRACE_SUPPORT" and
"NO_WINDOWS_SEH"
* detect more redundant calls of std::string::c_str(), std::string::substr(),
and unnecessary copies of containers
* Add a match function to addon similiar to Token::Match used internally by
cppcheck:
* | for either-or tokens(ie struct|class to match either struct or class)
* !! to negate a token
* It supports the %any%, %assign%, %comp%, %name%, %op%, %or%, %oror%, and %var% keywords
* It supports (*), {*}, [*], and <*> to match links
* @ can be added to bind the token to a name
* ** can be used to match until a token
* Add math functions which can be used in library function definition. This
enables evaluation of more math functions in ValueFlow
* Further improve lifetime analysis with this pointers
* Propagate condition values from outer function calls
* Add debug intrinsics debug_valueflow and debug_valuetype to show more
detail including source backtraces
-------------------------------------------------------------------
Sun Jul 17 16:14:50 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.8.2:
* do not allocate std::string when column is -1
* catch internal error during whole program analysis
* fix whole program analysis
-------------------------------------------------------------------
Tue Jun 7 21:17:15 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.8:
* Lifetime analysis can now track lifetime across user-defined constructors
when they are inline and using member initializer list.
* SymbolDatabase can now deduce iterator types from how they are specified in
the library files.
* ValueFlow can evaluate class member functions that return known values.
* Improve duplicateValueTenary to not warn when used as an lvalue or when one
branch has side effects
* Fix variableScope to not warn when variables are used in lambda functions
* Fix unassignedVariable warnings when using structured bindings
* Fix redundantInitialization warning when variable is used in a lambda
* Fix variableScope warnings when using if/while init-statement
* Improve lifetime analysis when returning variadic template expressions
* Detect more statements with constStatement
* Detect variableScope for more types
* Improvements to unreadVariable
* Detect more instances of C style casts
* Warn if the return value of new is discarded
* The pre-ValueFlow uninitialized checker now uses a different ID as legacyUninitvar
* Extended library format to exclude specific function argument values
-------------------------------------------------------------------
Tue Apr 19 13:30:47 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.7.5:
* Import Project: Fix problem with define value with space
-------------------------------------------------------------------
Sat Mar 26 14:06:09 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.7.4:
* Fixes "undefined reference to `tinyxml2::"
* Replace tinyxml2_LIBRARY with tinyxml2_LIBRARIES
-------------------------------------------------------------------
Sun Mar 20 19:22:39 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.7.1:
* Add support for container views. The view attribute has been added to the
<container> library tag to specify the class is a view. The lifetime
analysis has been updated to use this new attribute to find dangling
lifetime containers.
* Various checker improvements.
* Fixed false positives.
- drop fix-i586.patch (obsolete)
-------------------------------------------------------------------
Sat Dec 18 08:34:22 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 2.6.3:
* Fix execution of executable addons from GUI
-------------------------------------------------------------------
Sun Dec 5 20:41:11 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 2.6.2:
* New checks in core cppcheck:
* missing return in function
* writing overlapping data, detect undefined behavior
* compared value is out of possible type range
* Copy elision optimization can't be applied for return std::move(local)
* file can not be opened for read and write access at the same
time on different streams
* Various improvements
- drop 0001-Fix-compilation-with-recent-glibc-where-SIGSTKSZ-is-.patch (upstream)
-------------------------------------------------------------------
Sun Sep 19 09:10:14 UTC 2021 - Christophe Giboudeaux <christophe@krop.fr>
- Add glibc 2.34 build fix:
* 0001-Fix-compilation-with-recent-glibc-where-SIGSTKSZ-is-.patch
-------------------------------------------------------------------
Sat Jul 17 13:10:26 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 2.5:
* checked that all features in c++11, c++14, c++17 are supported
* c++20 support is improved but not complete yet
* improved library files, better knowledge about APIs
* improved checks to detect more bugs
* fixed checks to avoid unwanted warnings
* suspicious container/iterator assignment in condition
* rethrow without current handled exception
- drop 0002-Another-gcc11-fix-3179.patch, 0001-Fix-gcc11-build-errors.patch: upstream
-------------------------------------------------------------------
Tue Jun 1 09:00:08 UTC 2021 - Christophe Giboudeaux <christophe@krop.fr>
- Add GCC compatibility fixes:
* 0001-Fix-gcc11-build-errors.patch
* 0002-Another-gcc11-fix-3179.patch
-------------------------------------------------------------------
Mon May 10 06:49:08 UTC 2021 - Stephan Kulow <coolo@suse.com>
- add fix-i586.patch to fix compilation on i586, where the test
case tests the wrong IntRange
-------------------------------------------------------------------
Wed Mar 24 08:12:09 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 2.4.1:
* fix for windows installer, no other changes
-------------------------------------------------------------------
Mon Mar 22 21:23:13 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 2.4:
* Detect one definition rule violations
* MISRA improvements
* ImportProject fixes
* Various bug hunting improvements
* Fixes when importing AST from clang
-------------------------------------------------------------------
Accepting request 855374 from home:milsav92:branches:devel:tools - Update to version 2.3 Improved C++ parser: * types * wrong operands in ast * better simplification of templates Improved clang import, various fixes. Improved value flow analysis Fixed false positives Improved configuration in library files * boost.cfg * googletest.cfg * qt.cfg * windows.cfg * wxwidgets.cfg Added several Misra rules: * 6.1 * 6.2 * 7.2 * 7.4 * 9.2 * 10.2 * 15.4 Added platforms: * elbrus e1c+ * pic * pic8 * mips - Update to version 2.2 New checks: * incorrect usage of mutexes and lock guards * Dereference end iterator * Iterating a known empty container * outOfBounds check for iterators to containers Removed 'operator=' check that ensures reference to self is returned. That is not about safety. Improved parser * various ast fixes Clang parser * The Clang import feature in Cppcheck should be considered to be experimental for now. There are problems. Improved bug hunting * variable constraints * handling of multidimension arrays * function calls, execute functions that are in same TU * improved handling of containers * several improvements for uninitialized variables check * improved analysis of for loops * added a hash value for warnings that can be used for suppressions Improved data flow * one more heuristic for ternary operators * improved data flow for containers CLI: * Fixed some addon execution problems when there are spaces etc GUI: * Fix handling of tags * Exclude files cppcheck-htmlreport: * several result files can be combined into 1 output Suppressions: * comments can be added at end of suppression in suppressions file OBS-URL: https://build.opensuse.org/request/show/855374 OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=72
2020-12-16 14:21:00 +01:00
Sat Dec 12 15:28:36 UTC 2020 - Milan Savić <milsav92@outlook.com>
- Update to version 2.3
Improved C++ parser:
* types
* wrong operands in ast
* better simplification of templates
Improved clang import, various fixes.
Improved value flow analysis
Fixed false positives
Improved configuration in library files
* boost.cfg
* googletest.cfg
* qt.cfg
* windows.cfg
* wxwidgets.cfg
Added several Misra rules:
* 6.1
* 6.2
* 7.2
* 7.4
* 9.2
* 10.2
* 15.4
Added platforms:
* elbrus e1c+
* pic
* pic8
* mips
- Update to version 2.2
New checks:
* incorrect usage of mutexes and lock guards
* Dereference end iterator
* Iterating a known empty container
* outOfBounds check for iterators to containers
Removed 'operator=' check that ensures reference to self is returned. That is not about safety.
Improved parser
* various ast fixes
Clang parser
* The Clang import feature in Cppcheck should be considered to be experimental for now. There are problems.
Improved bug hunting
* variable constraints
* handling of multidimension arrays
* function calls, execute functions that are in same TU
* improved handling of containers
* several improvements for uninitialized variables check
* improved analysis of for loops
* added a hash value for warnings that can be used for suppressions
Improved data flow
* one more heuristic for ternary operators
* improved data flow for containers
CLI:
* Fixed some addon execution problems when there are spaces etc
GUI:
* Fix handling of tags
* Exclude files
cppcheck-htmlreport:
* several result files can be combined into 1 output
Suppressions:
* comments can be added at end of suppression in suppressions file
Accepting request 855374 from home:milsav92:branches:devel:tools - Update to version 2.3 Improved C++ parser: * types * wrong operands in ast * better simplification of templates Improved clang import, various fixes. Improved value flow analysis Fixed false positives Improved configuration in library files * boost.cfg * googletest.cfg * qt.cfg * windows.cfg * wxwidgets.cfg Added several Misra rules: * 6.1 * 6.2 * 7.2 * 7.4 * 9.2 * 10.2 * 15.4 Added platforms: * elbrus e1c+ * pic * pic8 * mips - Update to version 2.2 New checks: * incorrect usage of mutexes and lock guards * Dereference end iterator * Iterating a known empty container * outOfBounds check for iterators to containers Removed 'operator=' check that ensures reference to self is returned. That is not about safety. Improved parser * various ast fixes Clang parser * The Clang import feature in Cppcheck should be considered to be experimental for now. There are problems. Improved bug hunting * variable constraints * handling of multidimension arrays * function calls, execute functions that are in same TU * improved handling of containers * several improvements for uninitialized variables check * improved analysis of for loops * added a hash value for warnings that can be used for suppressions Improved data flow * one more heuristic for ternary operators * improved data flow for containers CLI: * Fixed some addon execution problems when there are spaces etc GUI: * Fix handling of tags * Exclude files cppcheck-htmlreport: * several result files can be combined into 1 output Suppressions: * comments can be added at end of suppression in suppressions file OBS-URL: https://build.opensuse.org/request/show/855374 OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=72
2020-12-16 14:21:00 +01:00
-------------------------------------------------------------------
Mon Jul 13 21:16:05 UTC 2020 - Matthias Eliasson <elimat@opensuse.org>
- Update to version 2.1
* We have tweaked build scripts.
* When you use USE_Z3=yes, we will handle new versions of z3 better. If you
have an old z3 library and get compilation problems you will need to add
a z3_version.h in externals.
* The cmake scripts was updated.
* There was a couple of bug fixes.
New check:
* for "expression % 1" the result is always 0.
- Run spec-cleaner
* Remove rpm groups
- Enable Z3 build flag
-------------------------------------------------------------------
Thu Mar 12 12:54:24 UTC 2020 - Vladislav Savic <vladisav@gmx.com>
- Since cppcheck version 1.89 CFGDIR is replaced by FILESDIR and
cfg files are no longer kept in FILESDIR but in subfolder FILESDIR/cfg.
-------------------------------------------------------------------
Wed Mar 4 12:17:56 UTC 2020 - Martin Pluskal <mpluskal@suse.com>
- Use cmake macros
-------------------------------------------------------------------
Wed Mar 4 11:32:52 UTC 2020 - Danny Al-Gaaf <opensuse@bisect.de>
- Update to version 1.90
* alias to vector element invalid after vector is changed
* improved value flow analysis for struct members
* improved value flow analysis for pointer alias
* CERT: Added ENV33-C: Do not call system()
* MISRA: added rules 2.7, 3.2, 4.2, 14.2, 21.1, 21.12
- update to version 1.89
* The default warning message format was changed. The new format
is similar to GCC. If you want to get warnings in the old
format, add --template=cppcheck1 to the command line.
* improved value flow analysis for pointer aliases
* improved checking for uninitialized variables/structs
* better checking of smart pointers
* better checking of global variables
* Added Cppcheck annotations cppcheck_low(VALUE) and
cppcheck_high(VALUE)
* shadow variables; warn when argument is shadowed
* warn if local reference variable can be const
* Added API01-C: Avoid laying out strings in memory directly
before sensitive data
* Added MSC24-C: Do not use deprecated or obsolescent functions
* Added STR11-C: Do not specify the bound of a character array
initialized with a string literal
* MISRA: added rules 17.2, 18.4, 18.7
-------------------------------------------------------------------
Mon Jul 1 08:22:46 UTC 2019 - Martin Liška <mliska@suse.cz>
- Update to version 1.88:
* Comparing pointers that point to different objects
* Address of local variable 'x' is accessed at non-zero index
* STL usage: unnecessary search before insertion
* Duplicate expression for condition and assignment: if (x==3) x=3;
* Better handling of C++14 and C++17
* New command line option --addon used to run addons directly from Cppcheck.
* Some advanced options are only available in GUI:
- Update to version 1.87:
* --project can now import Cppcheck GUI projects.
* Condition is always true when array address is compared with 0.
* function argument expression calculation has known result (#8830)
* Better lifetime checking (using pointer/reference that points at deleted object)
* Improved whole program analysis
* Better handling of language extension var@address.
* Many improvements in parser to handle templates, type aliases, etc better
* New addon for checking naming conventions. Naming conventions are configured in json file.
-------------------------------------------------------------------
Thu Jan 3 18:13:49 UTC 2019 - Nemanja V <nafsub@outlook.com>
- Workaround for CMake lacking a CFGDIR variable.
* Patch was submitted (https://github.com/danmar/cppcheck/pull/1554)
and accepted so this change should be reverted and replaced with a CMake compile definition
-DCFGDIR=\"%{_datadir}/%{name}\" once a new upstream version is released.
-------------------------------------------------------------------
Thu Dec 27 10:03:28 UTC 2018 - Martin Pluskal <mpluskal@suse.com>
- Small packaging enhancements
-------------------------------------------------------------------
Thu Dec 20 13:40:09 UTC 2018 - Christoph G <foss@grueninger.de>
- Use Python 3 instad of Python 2
- Switch to CMake as the used build system, otherwise Python 3
could not be detected by plain make
-------------------------------------------------------------------
Wed Dec 19 21:31:18 UTC 2018 - Christoph G <foss@grueninger.de>
- Update to 1.86
* Many fixes in the template simplifier
* Several fixes in the abstract syntax tree.
Checking improvements:
* New check: passing address of char to function that expects a
strz
* New check: shadow variables
* Improved lifetime checking
* Improved STL iterators checking
* Improved data flow analysis
New libraries:
* zlib
* googletest
Addons:
* misra.py: Fixes for suppressions and exclusions
* namingng.py: New addon to check naming conventions. Rules are
specified in json file.
-------------------------------------------------------------------
Thu Oct 18 08:43:15 UTC 2018 - mvetter@suse.com
- Update to 1.85:
Changes from 1.83:
Command line:
- fixes in parser
- Improved loading of platform files.
GUI:
- few minor improvements in user interface
- Code preview
- Added MISRA addon integration
- Platform can be selected in project settings
- Fixed issue when loading xml results file
Addons:
- We are now officially releasing our MISRA addon. So far it supports MISRA C 2012.
Changes from 1.85:
General:
- We are modernizing the Cppcheck code. Support for MSVC 2010 and GCC 4.4 is dropped.
You now need a compiler that is at least as good as MSVC 2013 or GCC 4.6.
Checking improvements:
- New check: Suggest STL algorithms instead of hard-coded for loops
- New check: Warn about ineffective algorithms (same iterator passed)
- New check: Mismatching iterators used together in operators
- Container (STL/Qt/WxWidgets/etc) access out of bounds
- Improved the checkers that warns about same/opposite expressions, track variable values better.
- Variable scope: warn about references also
Graphical user interface:
- You can specify undefines in the project file dialog
- Fixed configuration of suppressions
- Windows: Fixed issue of wrong/no theme being applied to UI elements
Misra:
- support per file excludes from cppcheck
- support per file suppressions from cppcheck
- summary will now summarize results for all files again
- a few false positives were fixed
-------------------------------------------------------------------
Accepting request 577725 from home:alois:branches:devel:tools - Update to version 1.82 Bug fixes: * Better handling of namespaces * Fixed false positives * Fixed parsing of compile databases * Fixed parsing of visual studio projects Enhancements * New check; Detect mistakes when there are multiple strcmp() in condition Example: if (strcmp(password,"A")==0 || strcmp(password,"B")==0 || strcmp(password,"C")) There is a missing '==0', and therefore this condition is always true except when password is "C". * New check; pointer calculation result can't be NULL unless there is overflow Example: someType **list_p = ...; if ((list_p + 1) == NULL) The result for '(list_p + 1)' can't be NULL unless there is overflow (UB). * New check; public interface of classes should be safe - detect possible division by zero Example: class Fred { public: void setValue(int mul, int div) { value = mul / div; // <- unsafe } ... This check does not consider how Fred::setValue() is really called. If you agree that the public interface of classes should always be safe; it should be allowed to call all public methods with arbitrary arguments, then this checker will be useful. * Fixed a few false negatives * More information in the cfg files version 1.81 CPPCHECK: * New warning: Check if condition after an early return is overlapping and therefore always false. * Improved knowledge about C/C++ standard, windows, posix, wxwidgets, gnu * Better handling of Visual Studio projects GUI: * Compile: Qt5 is now needed to build the GUI * Compile: New qmake flag HAVE_QCHART * Project: You can now run cppcheck-addons * Project: We have integrated clang-tidy * Results view: Reload last results (if cppcheck build dir is used) when GUI is started * Results view: Tag the warnings with custom keywords (bug/todo/not important/etc..) * Results view: Shows when warning first appeared (since date) * Results view: Suppress warnings through right-click menu * Statistics: Added charts (shown if Qt charts module is enabled during build) version 1.80 Checking improvements: * Added platform for Atmel AVR 8 bit microcontrollers (avr8) * Better 'callstacks' in cppcheck messages * Improved gnu.cfg, posix.cfg, wxwidgets.cfg and std.cfg, added motif.cfg * Various improvements to AST, ValueFlow analysis and template parsing Command line changes: * Deprecated command line argument *-append has been removed * New command line argument *-plist-output to create .plist files * New command line argument *-output-file to print output to file directly * Check OpenCL files (.cl) GUI: * Support export of statistics to PDF * Several small usability improvements * Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved. version 1.79 General changes: * C++ code in C files is rejected now (use *-language=c++ to enforce checking the code as C++) * Write function access type to XML dump Checking improvements: * Improved configuration extraction in preprocessor * Improved accuracy of AST * Improved template parsing * Improved support for (STL) containers in SymbolDatabase * Improved support for C++11's 'auto' type * Experimental support for uninitialized variables in ValueFlow analysis * Added qt.cfg and sfml.cfg, improved several existing .cfg files GUI: * Use CFGDIR macro * Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved. version 1.78 General changes: * Reduced memory usage by up to 10% by reducing size of token list New checks: * Mismatching argument names between function declaration and definition * Detect classes which have a copy constructor but no copy operator and vice versa Checking improvements: * Improved matching of overloaded functions * Improved ValueType analysis, especially related to allocations with "new" and C++11's "auto" * Improved support for C++11 brace initialization * Improved ValueFlow analysis * Improved template parsing * Improved detection of memory leaks * Improved nullpointer checking when nullptr and NULL are used * Detect array out of bounds across compilation units * Extended windows.cfg, posix.cfg and std.cfg * Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved. OBS-URL: https://build.opensuse.org/request/show/577725 OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=51
2018-02-19 04:33:22 +01:00
Sun Feb 18 10:40:07 UTC 2018 - aloisio@gmx.com
- Update to version 1.82
Bug fixes:
* Better handling of namespaces
* Fixed false positives
* Fixed parsing of compile databases
* Fixed parsing of visual studio projects
Enhancements
* New check; Detect mistakes when there are multiple strcmp() in
condition
Example:
if (strcmp(password,"A")==0 || strcmp(password,"B")==0 || strcmp(password,"C"))
There is a missing '==0', and therefore this condition is
always true except when password is "C".
* New check; pointer calculation result can't be NULL unless
there is overflow
Example:
someType **list_p = ...;
if ((list_p + 1) == NULL)
The result for '(list_p + 1)' can't be NULL unless there is
overflow (UB).
* New check; public interface of classes should be safe - detect
possible division by zero
Example:
class Fred {
public:
void setValue(int mul, int div) {
value = mul / div; // <- unsafe
}
...
This check does not consider how Fred::setValue() is really
called.
If you agree that the public interface of classes should
always be safe; it should be allowed to call all public
methods with arbitrary arguments, then this checker will be
useful.
* Fixed a few false negatives
* More information in the cfg files
version 1.81
CPPCHECK:
* New warning: Check if condition after an early return is
overlapping and therefore always false.
* Improved knowledge about C/C++ standard, windows, posix,
wxwidgets, gnu
* Better handling of Visual Studio projects
GUI:
* Compile: Qt5 is now needed to build the GUI
* Compile: New qmake flag HAVE_QCHART
* Project: You can now run cppcheck-addons
* Project: We have integrated clang-tidy
* Results view: Reload last results (if cppcheck build dir is
used) when GUI is started
* Results view: Tag the warnings with custom keywords
(bug/todo/not important/etc..)
* Results view: Shows when warning first appeared (since date)
* Results view: Suppress warnings through right-click menu
* Statistics: Added charts (shown if Qt charts module is enabled
during build)
version 1.80
Checking improvements:
* Added platform for Atmel AVR 8 bit microcontrollers (avr8)
* Better 'callstacks' in cppcheck messages
* Improved gnu.cfg, posix.cfg, wxwidgets.cfg and std.cfg, added
motif.cfg
* Various improvements to AST, ValueFlow analysis and template
parsing
Command line changes:
* Deprecated command line argument *-append has been removed
* New command line argument *-plist-output to create .plist
files
* New command line argument *-output-file to print output to
file directly
* Check OpenCL files (.cl)
GUI:
* Support export of statistics to PDF
* Several small usability improvements
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
version 1.79
General changes:
* C++ code in C files is rejected now (use *-language=c++ to
enforce checking the code as C++)
* Write function access type to XML dump
Checking improvements:
* Improved configuration extraction in preprocessor
* Improved accuracy of AST
* Improved template parsing
* Improved support for (STL) containers in SymbolDatabase
* Improved support for C++11's 'auto' type
* Experimental support for uninitialized variables in ValueFlow
analysis
* Added qt.cfg and sfml.cfg, improved several existing .cfg files
GUI:
* Use CFGDIR macro
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
version 1.78
General changes:
* Reduced memory usage by up to 10% by reducing size of token
list
New checks:
* Mismatching argument names between function declaration and
definition
* Detect classes which have a copy constructor but no copy
operator and vice versa
Checking improvements:
* Improved matching of overloaded functions
* Improved ValueType analysis, especially related to allocations
with "new" and C++11's "auto"
* Improved support for C++11 brace initialization
* Improved ValueFlow analysis
* Improved template parsing
* Improved detection of memory leaks
* Improved nullpointer checking when nullptr and NULL are used
* Detect array out of bounds across compilation units
* Extended windows.cfg, posix.cfg and std.cfg
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
-------------------------------------------------------------------
Tue Mar 21 10:28:21 UTC 2017 - mpluskal@suse.com
- Use qmake macros
- Run spec-cleaner
-------------------------------------------------------------------
Tue Mar 21 08:09:22 UTC 2017 - fvogt@suse.com
- Update to version 1.77:
* Added flag --cppcheck-build-dir to allow incremental analysis and inter-file checking
* Improved --project support for Visual Studio solutions
* Detect pointer overflow
* Detect usage of variable after std::move or std::forward
* Warn about number and char literals in boolean expressions
* Improved checking for variables modified but not used again
* Libraries: Added support to specify <returnValue>
* Improved ValueFlow, especially related to function return values and casts
* Improved simplification of Null values to allow more accurate checking
* Several improvements to windows.cfg, posix.cfg, gnu.cfg and std.cfg
* Reimplemented check for using iterators of mismatching containers... read more
- Always build Qt5 GUI
-------------------------------------------------------------------
Sat Feb 20 18:58:43 UTC 2016 - crrodriguez@opensuse.org
- Build the GUI against QT5 in newish products.
-------------------------------------------------------------------
Tue Sep 15 13:00:50 UTC 2015 - Adam Mizerski <adam@mizerski.pl>
- update to 1.70
* General changes:
- New version of .cfg file format, adding support for
namespaces and declaring several functions at once
- Support building x64 installer for Windows; Both x64 and x86
builds are now provided
- Warn about deprecated options --suppressions and
--exitcode-suppressions. They will be removed in future
- Added debugging option --debug-normal, which prints out debug
output before second stage simplification
* New checks:
- Warn about modifying string literals
- Detect declaration of variable length arrays with negative
size
- Warn about implicit type conversion from int to long
- Warn about redundant code in conditions like (y || (!y && z))
- Detect conditions with known result
- Race condition: non-interlocked access after
InterlockedDecrement()
- Detect unused 'goto' labels
* Removed checks:
- Do no longer warn about a bug in scanf implementation of
ancient glibc versions
- Multifile analysis (added in 1.69) has been removed because
it did not work
- Removed ExecutionPath checker, which has been superseeded by
ValueFlow analysis
* Improvements:
- Support hexadecimal floating point numbers (C99)
- Support [[deprecated]] (C++14)
- Improved handling of sizeof()
- Improved handling of reserved keywords
- Better handling of C declaration specifiers; support
complex/_Complex (C99)
- Better handling of ternary operator in ValueFlow analysis
- Lots of improvements to .cfg files, especially std.cfg, which
now supports namespace std
- Improved performance and memory usage of Preprocessor
- Improved performance of matchcompiler
- Reduced Disk IO when ignoring paths
- Removed several obsolete simplifications
- Added python addons: naming.py, threadsafety.py and cert.py
* GUI:
- Support printing
- Added item "Open containing folder" to context menu
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
-------------------------------------------------------------------
Fri May 15 13:48:34 UTC 2015 - Adam Mizerski <adam@mizerski.pl>
- update do 1.69
* General changes:
- Added flag --platform=native, when it is used type sizes and
behaviour of host system are used
- Backward compatibility for Libary files is now working.
Future cppcheck versions will be able to use libraries
written for previous versions
- Windows 32 bit builds now set /LARGEADDRESSAWARE, so that
they can use up to 4 GiB
* New checks:
- Detect bad bitmask checks (usage of | where & should be used)
- Suggest usage of "explicit" for constructors with a single
parameter
- Suggest usage of make_shared/make_unique
- Warn about usage of malloc with auto_ptr
- Detect redundant pointer operations like &*ptr
* Improvements:
- Support std::array (C++11)
- Detect same expressions in both branches of a ternary
operator
- New <container>-tags in libraries to configure STL (and
similar) container types
- Several improvements to ValueFlow analysis (for example
support for default function arguments)
- Improved buffer overrun and memory leak checking
- Removed a bunch of redundant checking code
- Removed several simplifications
- Stronger matching of library functions
- Lots of additions to std.cfg and posix.cfg
- New library for Microsoft SAL (microsoft_sal.cfg)
- Improved C++11 template parsing (">>" as closing brackets,
variadic templates)
- Added statistics to htmlreport
* GUI:
- Fixed language selection
-------------------------------------------------------------------
Thu Jan 8 11:04:07 UTC 2015 - danny.al-gaaf@bisect.de
- update to 1.68:
* New checks:
- Multifile checking for buffer overruns and uninitialized
variables
* Improvements:
- Libraries are now able to contain platform specific types
- Improved handling of function overloads
- Improved handling of integer literal suffixes
- Improved stability of template parsing
- Improved accuracy of ValueFlow analysis
- Improved checking of pointer overflow
- Support noexcept(false)
- Support __attribute__((noreturn))
- A bunch of additions to several Libraries, especially
posix.cfg and qt.cfg
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
-------------------------------------------------------------------
Wed Oct 22 05:00:02 UTC 2014 - danny.al-gaaf@bisect.de
- update to 1.67:
* General changes:
- Library files have now a 'format' attribute. Format version
1 is assumed by default
- Cppcheck does no longer abort checking if unhandled
characters (Non-ASCII) are found
* New checks:
- Check for unused return values
- Detect shift by too many bits, signed integer overflow and
dangerous sign conversion
- Recommend usage of expm1(), log1p(), erfc()
- Division by sizeof() as parameter to memset/memcpy/
memmove/etc. as they expect a size in bytes
- Several new va_arg related checks:
-- Wrong parameter passed to va_start()
-- Reference passed to va_start()
-- Missing va_end()
-- Using va_list before it is opened
-- Subsequent calls to va_start/va_copy()
- Initialization by itself in initializer list
- Dead pointer usage when pointer alias local variable that
has gone out of scope
* Improvements:
- Support uniform initialization syntax (C++11)
- Much improvements to value flow analysis
- Improved AST creation (support placement new, C++-style
casts, templates, operator new[], ...)
- Improved lambda support
- Support GCC extension __attriute__((used)) and MSVC