From d53b16012f776fea53d2de942eded0e646e1c8e2c8778bd15818332aed8066af Mon Sep 17 00:00:00 2001
From: Dirk Mueller
Date: Sun, 1 Sep 2024 13:18:24 +0000
Subject: [PATCH] Accepting request 1198146 from home:mathletic:branches:devel:tools - update to 2.15.0 * New check suspiciousFloatingPointCast flags unnecessary floating point casts that cause loss of precision * Added command-line option --cpp-header-probe (and --no-cpp-header-probe) to probe headers and extension-less files for Emacs marker * Add support for 'CLICOLOR_FORCE'/'NO_COLOR' environment variables to force/disable ANSI color output for diagnostics. * Add "remark comments" that can be used to generate reports with justifications for warnings * The whole program analysis is now being executed when "--project" is being used.
OBS-URL: https://build.opensuse.org/request/show/1198146
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=138
---
.gitattributes | 23 +
.gitignore | 1 +
cppcheck-2.14.2.tar.gz | 3 +
cppcheck-2.15.0.tar.gz | 3 +
cppcheck.changes | 1156 ++++++++++++++++++++++++++++++++++++++++
cppcheck.spec | 135 +++++
6 files changed, 1321 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 cppcheck-2.14.2.tar.gz
create mode 100644 cppcheck-2.15.0.tar.gz
create mode 100644 cppcheck.changes
create mode 100644 cppcheck.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/cppcheck-2.14.2.tar.gz b/cppcheck-2.14.2.tar.gz
new file mode 100644
index 0000000..c2d15d9
--- /dev/null
+++ b/cppcheck-2.14.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9c3acea5f489336bd83a8ea33917a9a04a80c56d874bf270287e7de27acf2d00
+size 3723248
diff --git a/cppcheck-2.15.0.tar.gz b/cppcheck-2.15.0.tar.gz
new file mode 100644
index 0000000..b9370d0
--- /dev/null
+++ b/cppcheck-2.15.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:98bcc40ac8062635b492fb096d7815376a176ae26749d6c708083f4637f7c0bb
+size 3820560
diff --git a/cppcheck.changes b/cppcheck.changes
new file mode 100644
index 0000000..660ed40
--- /dev/null
+++ b/cppcheck.changes
@@ -0,0 +1,1156 @@
+-------------------------------------------------------------------
+Sun Sep 1 06:13:20 UTC 2024 - Christoph G
+
+- update to 2.15.0
+ * New check suspiciousFloatingPointCast flags unnecessary floating
+ point casts that cause loss of precision
+ * Added command-line option --cpp-header-probe (and
+ --no-cpp-header-probe) to probe headers and extension-less
+ files for Emacs marker
+ * Add support for 'CLICOLOR_FORCE'/'NO_COLOR' environment
+ variables to force/disable ANSI color output for diagnostics.
+ * Add "remark comments" that can be used to generate reports with
+ justifications for warnings
+ * The whole program analysis is now being executed when
+ "--project" is being used.
+
+-------------------------------------------------------------------
+Sat Jun 22 14:37:43 UTC 2024 - Christoph G
+
+- update to 2.14.2
+ * Justifications for warnings using comments in the code
+ * Fix alignas handling
+
+-------------------------------------------------------------------
+Mon May 27 07:17:31 UTC 2024 - Christoph G
+
+- update to 2.14.1
+ * Build: fix USE_MATCHCOMPILER CMake option validation
+ * Improve Checking: implement evaluation order checker for c++11
+ and later
+
+-------------------------------------------------------------------
+Fri Apr 26 20:39:37 UTC 2024 - Christoph G
+
+- update to 2.14.0
+ * New checks:
+ - eraseIteratorOutOfBounds: warns when erase() is called on an
+ iterator that is out of bounds
+ - returnByReference: warns when a large class member is returned
+ by value from a getter function
+
+-------------------------------------------------------------------
+Sun Mar 24 17:19:47 UTC 2024 - Dirk Müller
+
+- update to 2.13.4:
+ * Speedup premium misra checking
+
+-------------------------------------------------------------------
+Mon Feb 5 09:43:34 UTC 2024 - Dirk Müller
+
+- update to 2.13.3:
+ * settings.cpp: Update autosar+cert+misra checkers mappings
+ * Fix #12389 (GUI: premiumaddon is not executed properly anymore)
+
+-------------------------------------------------------------------
+Fri Jan 26 09:06:48 UTC 2024 - Dirk Müller
+
+- update to 2.13.2:
+ * Fix premium version check
+ * Fix 12375
+
+-------------------------------------------------------------------
+Mon Jan 22 09:54:31 UTC 2024 - Dirk Müller
+
+- update to 2.13.1:
+ * Show premium autosar/misra/cert style issues even if --enable
+ is not used
+ * Better validation of --premium options
+ * unsafe handling of unconditional #error
+ * unsafe suppressions of critical errors
+ * missing "misra-config" warning, calling unknown function in
+ condition
+ * If --premium=safety is used then go to "safety mode". Do not
+ override this in cppcheck.cfg
+
+-------------------------------------------------------------------
+Sun Dec 24 06:43:54 UTC 2023 - Christoph G
+
+- update to 2.13.0
+ * newCheck passedByValueCallback for functions which take a
+ parameter by value but are used as callbacks
+ * newCheck returnImplicitInt for C functions without return type
+ * newCheck iterateByValue for iterating by value in a range-based
+ for loop when a const reference could be used
+- Drop patches werror-return-type.patch, eb076d87.patch, and
+ CVE-2023-39070.patch which are part of upstream or fixed in a
+ similar way.
+
+-------------------------------------------------------------------
+Wed Dec 20 23:14:07 UTC 2023 - Dirk Müller
+
+- add CVE-2023-39070.patch (CVE-2023-39070, bsc#1215233)
+
+-------------------------------------------------------------------
+Thu Nov 9 10:21:24 UTC 2023 - Guillaume GARDET
+
+- Replace disable-some-tests-about-char-signedness.patch with
+ upstream patch to fix tests on non-x86_64 (such as aarch64):
+ * eb076d87.patch
+
+-------------------------------------------------------------------
+Tue Sep 19 14:21:21 UTC 2023 - Dirk Müller
+
+- update to 2.12.1:
+ * Support importing projects with project-name
+
+-------------------------------------------------------------------
+Thu Sep 14 11:18:59 UTC 2023 - Dirk Müller
+
+- update to 2.12.0:
+ * uselessOverride finds overriding functions that either
+ duplicate code from or delegate back to the base class
+ implementation
+ * knownPointerToBool finds pointer to bool conversions that are
+ always true or false
+ * truncLongCastAssignment and truncLongCastReturn check
+ additional types, including float/double/long double
+ * duplInheritedMember also reports duplicated member functions
+ * constParameter*/constVariable* checks find more instances of
+ pointers/references that can be const, e.g. when calling
+ library functions
+ * Write how many checkers was activated after a run
+ * Added --checkers-report that can be used to generate a report
+ in a file that shows what checkers was activated and disabled
+ * The qmake build system has been deprecated and will be
+ removed in a future version.
+ * Command-line option '--template
+- update to 2.11:
+ * pop_back on empty container is UB
+ * Improve useStlAlgorithm check to handle many more conditions
+ in the loop for any_of, all_of and none_of algorithms
+ * ValueFlow can evaluate the return value of functions even
+ when conditionals are used
+ * ValueFlow will now forward the container sizes being returned
+ from a function
+ * ValueFlow can infer possible values from possible symbolic
+ values
+ * Improve valueflow after pushing to container
+ * The new option --check-level= has been added that controls
+ how much checking is made by Cppcheck. The default checking
+ level is "normal". If you feel that you can wait longer on
+ results you can use --check-level=exhaustive.
+ * It is no longer necessary to run "--check-config" to get
+ detailed "missingInclude" and "missingIncludeSystem"
+ messages. They will always be issued in the regular analysis
+ if "missingInclude" is enabled.
+ * "missingInclude" and "missingIncludeSystem" are reported with
+ "-j" is > 1 and processes are used in the backend (default in
+ non-Windows binaries)
+ * "missingInclude" and "missingIncludeSystem" will now cause
+ the "--error-exitcode" to be applied
+ * "--enable=information" will no longer implicitly enable
+ "missingInclude" starting with 2.16. Please enable it
+ explicitly if you require it.
+ * The `constParameter` and `constVariable` checks have been
+ split into 3 different IDs based on if the variable is a
+ pointer, a reference, or local. The different IDs will allow
+ users to suppress different const warning based on variable
+ type.
+ * `constParameter`
+ * `constParameterReference`
+ * `constParameterPointer`
+ * `constVariable`
+ * `constVariableReference`
+ * `constVariablePointer`
+ * More command-line parameters will now check if the given
+ integer argument is actually valid. Several other internal
+ string-to-integer conversions will now be error checked.
+ * scanning projects (with -j1) will now defer the analysis of
+ markup files until the whole code was processed
+- add werror-return-type.patch to fix false warnings where
+ gcc can not properly detect the "noreturn" nature of the function
+
+-------------------------------------------------------------------
+Tue May 30 10:57:47 UTC 2023 - Manfred Schwarb
+
+- test suite quirks:
+ * Add patch disable-some-tests-about-char-signedness.patch, taken
+ from Debian, to disable test "TestCondition::alwaysTrueContainer"
+ which fails on "unsigned char" archs (arm, ppc)
+ * Run test suite with "-j1", as TestProcessExecutor test is flaky otherwise
+
+-------------------------------------------------------------------
+Wed Mar 29 12:13:06 UTC 2023 - Dirk Müller
+
+- switch on Tumbleweed temporarily to gcc 12 to avoid
+ "allocator_traits::rebind_alloc must be A"
+ (as mentioned on https://gcc.gnu.org/gcc-13/porting_to.html)
+
+-------------------------------------------------------------------
+Wed Mar 15 20:23:58 UTC 2023 - Dirk Müller
+
+- update to 2.10.3:
+ * SymbolDatabase: Fix handling of function pointer arguments
+
+-------------------------------------------------------------------
+Mon Feb 27 21:39:54 UTC 2023 - Dirk Müller
+
+- update to 2.10.2:
+ * GUI: Set proper title for compliance report dialog
+ * GUI: Generate compliance report
+ * Tokenizer: tweaked simplification of function pointers
+
+-------------------------------------------------------------------
+Tue Jan 31 18:24:47 UTC 2023 - PragmaticLinux
+
+- install files from the addons/ and platforms/ directories - boo#1207806
+- correct shebang fix for htmlreport/cppcheck-htmlreport
+
+-------------------------------------------------------------------
+Mon Jan 30 12:07:50 UTC 2023 - Dirk Müller
+
+- update to 2.10.0:
+ * Many improvements and fixes in checkers.
+ * New check: use memset/memcpy instead of loop
+ CLI:
+ * if the file provided via "--file-list" cannot be opened it
+ will now error out
+ * add command-line option "--disable=" to individually disable
+ checks
+ GUI:
+ * Detect when installed version is old. There is setting in
+ Edit/Preferences to turn this on.
+ * Fix path issue with backslashes
+ * Cleanup *.ctu-info files after analysis
+ Build:
+ * the deprecated Makefile option SRCDIR is no longer accepted
+ * added CMake option BUILD_CORE_DLL to build lib as
+ cppcheck-core.dll with Visual Studio
+
+-------------------------------------------------------------------
+Wed Dec 7 22:39:58 UTC 2022 - Dirk Müller
+
+- update to 2.9.3:
+ * various GUI and premium feature handling bugfixes
+
+-------------------------------------------------------------------
+Sat Sep 17 16:28:54 UTC 2022 - Dirk Müller
+
+- update to 2.9:
+ * restored check for negative allocation (new[]) and negative VLA sizes from
+ cppcheck 1.87 (LCppC backport)
+ * replaced hardcoded check for pipe() buffer size by library configuration
+ option (LCppC backport)
+ * on Windows the callstack is now being written to the output specific via
+ "--exception-handling"
+ * make it possible to disable the various exception handling parts via the
+ CMake options "NO_UNIX_SIGNAL_HANDLING", "NO_UNIX_BACKTRACE_SUPPORT" and
+ "NO_WINDOWS_SEH"
+ * detect more redundant calls of std::string::c_str(), std::string::substr(),
+ and unnecessary copies of containers
+ * Add a match function to addon similiar to Token::Match used internally by
+ cppcheck:
+ * | for either-or tokens(ie struct|class to match either struct or class)
+ * !! to negate a token
+ * It supports the %any%, %assign%, %comp%, %name%, %op%, %or%, %oror%, and %var% keywords
+ * It supports (*), {*}, [*], and <*> to match links
+ * @ can be added to bind the token to a name
+ * ** can be used to match until a token
+ * Add math functions which can be used in library function definition. This
+ enables evaluation of more math functions in ValueFlow
+ * Further improve lifetime analysis with this pointers
+ * Propagate condition values from outer function calls
+ * Add debug intrinsics debug_valueflow and debug_valuetype to show more
+ detail including source backtraces
+
+-------------------------------------------------------------------
+Sun Jul 17 16:14:50 UTC 2022 - Dirk Müller
+
+- update to 2.8.2:
+ * do not allocate std::string when column is -1
+ * catch internal error during whole program analysis
+ * fix whole program analysis
+
+-------------------------------------------------------------------
+Tue Jun 7 21:17:15 UTC 2022 - Dirk Müller
+
+- update to 2.8:
+ * Lifetime analysis can now track lifetime across user-defined constructors
+ when they are inline and using member initializer list.
+ * SymbolDatabase can now deduce iterator types from how they are specified in
+ the library files.
+ * ValueFlow can evaluate class member functions that return known values.
+ * Improve duplicateValueTenary to not warn when used as an lvalue or when one
+ branch has side effects
+ * Fix variableScope to not warn when variables are used in lambda functions
+ * Fix unassignedVariable warnings when using structured bindings
+ * Fix redundantInitialization warning when variable is used in a lambda
+ * Fix variableScope warnings when using if/while init-statement
+ * Improve lifetime analysis when returning variadic template expressions
+ * Detect more statements with constStatement
+ * Detect variableScope for more types
+ * Improvements to unreadVariable
+ * Detect more instances of C style casts
+ * Warn if the return value of new is discarded
+ * The pre-ValueFlow uninitialized checker now uses a different ID as legacyUninitvar
+ * Extended library format to exclude specific function argument values
+
+-------------------------------------------------------------------
+Tue Apr 19 13:30:47 UTC 2022 - Dirk Müller
+
+- update to 2.7.5:
+ * Import Project: Fix problem with define value with space
+
+-------------------------------------------------------------------
+Sat Mar 26 14:06:09 UTC 2022 - Dirk Müller
+
+- update to 2.7.4:
+ * Fixes "undefined reference to `tinyxml2::"
+ * Replace tinyxml2_LIBRARY with tinyxml2_LIBRARIES
+
+-------------------------------------------------------------------
+Sun Mar 20 19:22:39 UTC 2022 - Dirk Müller
+
+- update to 2.7.1:
+ * Add support for container views. The view attribute has been added to the
+ library tag to specify the class is a view. The lifetime
+ analysis has been updated to use this new attribute to find dangling
+ lifetime containers.
+ * Various checker improvements.
+ * Fixed false positives.
+- drop fix-i586.patch (obsolete)
+
+-------------------------------------------------------------------
+Sat Dec 18 08:34:22 UTC 2021 - Dirk Müller
+
+- update to 2.6.3:
+ * Fix execution of executable addons from GUI
+
+-------------------------------------------------------------------
+Sun Dec 5 20:41:11 UTC 2021 - Dirk Müller
+
+- update to 2.6.2:
+ * New checks in core cppcheck:
+ * missing return in function
+ * writing overlapping data, detect undefined behavior
+ * compared value is out of possible type range
+ * Copy elision optimization can't be applied for return std::move(local)
+ * file can not be opened for read and write access at the same
+ time on different streams
+ * Various improvements
+- drop 0001-Fix-compilation-with-recent-glibc-where-SIGSTKSZ-is-.patch (upstream)
+
+-------------------------------------------------------------------
+Sun Sep 19 09:10:14 UTC 2021 - Christophe Giboudeaux
+
+- Add glibc 2.34 build fix:
+ * 0001-Fix-compilation-with-recent-glibc-where-SIGSTKSZ-is-.patch
+
+-------------------------------------------------------------------
+Sat Jul 17 13:10:26 UTC 2021 - Dirk Müller
+
+- update to 2.5:
+ * checked that all features in c++11, c++14, c++17 are supported
+ * c++20 support is improved but not complete yet
+ * improved library files, better knowledge about APIs
+ * improved checks to detect more bugs
+ * fixed checks to avoid unwanted warnings
+ * suspicious container/iterator assignment in condition
+ * rethrow without current handled exception
+- drop 0002-Another-gcc11-fix-3179.patch, 0001-Fix-gcc11-build-errors.patch: upstream
+
+-------------------------------------------------------------------
+Tue Jun 1 09:00:08 UTC 2021 - Christophe Giboudeaux
+
+- Add GCC compatibility fixes:
+ * 0001-Fix-gcc11-build-errors.patch
+ * 0002-Another-gcc11-fix-3179.patch
+
+-------------------------------------------------------------------
+Mon May 10 06:49:08 UTC 2021 - Stephan Kulow
+
+- add fix-i586.patch to fix compilation on i586, where the test
+ case tests the wrong IntRange
+
+-------------------------------------------------------------------
+Wed Mar 24 08:12:09 UTC 2021 - Dirk Müller
+
+- update to 2.4.1:
+ * fix for windows installer, no other changes
+
+-------------------------------------------------------------------
+Mon Mar 22 21:23:13 UTC 2021 - Dirk Müller
+
+- update to 2.4:
+ * Detect one definition rule violations
+ * MISRA improvements
+ * ImportProject fixes
+ * Various bug hunting improvements
+ * Fixes when importing AST from clang
+
+-------------------------------------------------------------------
+Sat Dec 12 15:28:36 UTC 2020 - Milan Savić
+
+- Update to version 2.3
+
+ Improved C++ parser:
+ * types
+ * wrong operands in ast
+ * better simplification of templates
+ Improved clang import, various fixes.
+ Improved value flow analysis
+ Fixed false positives
+ Improved configuration in library files
+ * boost.cfg
+ * googletest.cfg
+ * qt.cfg
+ * windows.cfg
+ * wxwidgets.cfg
+ Added several Misra rules:
+ * 6.1
+ * 6.2
+ * 7.2
+ * 7.4
+ * 9.2
+ * 10.2
+ * 15.4
+ Added platforms:
+ * elbrus e1c+
+ * pic
+ * pic8
+ * mips
+
+- Update to version 2.2
+
+ New checks:
+ * incorrect usage of mutexes and lock guards
+ * Dereference end iterator
+ * Iterating a known empty container
+ * outOfBounds check for iterators to containers
+ Removed 'operator=' check that ensures reference to self is returned. That is not about safety.
+ Improved parser
+ * various ast fixes
+ Clang parser
+ * The Clang import feature in Cppcheck should be considered to be experimental for now. There are problems.
+ Improved bug hunting
+ * variable constraints
+ * handling of multidimension arrays
+ * function calls, execute functions that are in same TU
+ * improved handling of containers
+ * several improvements for uninitialized variables check
+ * improved analysis of for loops
+ * added a hash value for warnings that can be used for suppressions
+ Improved data flow
+ * one more heuristic for ternary operators
+ * improved data flow for containers
+ CLI:
+ * Fixed some addon execution problems when there are spaces etc
+ GUI:
+ * Fix handling of tags
+ * Exclude files
+ cppcheck-htmlreport:
+ * several result files can be combined into 1 output
+ Suppressions:
+ * comments can be added at end of suppression in suppressions file
+
+-------------------------------------------------------------------
+Mon Jul 13 21:16:05 UTC 2020 - Matthias Eliasson
+
+- Update to version 2.1
+ * We have tweaked build scripts.
+ * When you use USE_Z3=yes, we will handle new versions of z3 better. If you
+ have an old z3 library and get compilation problems you will need to add
+ a z3_version.h in externals.
+ * The cmake scripts was updated.
+ * There was a couple of bug fixes.
+ New check:
+ * for "expression % 1" the result is always 0.
+- Run spec-cleaner
+ * Remove rpm groups
+- Enable Z3 build flag
+
+-------------------------------------------------------------------
+Thu Mar 12 12:54:24 UTC 2020 - Vladislav Savic
+
+- Since cppcheck version 1.89 CFGDIR is replaced by FILESDIR and
+ cfg files are no longer kept in FILESDIR but in subfolder FILESDIR/cfg.
+
+-------------------------------------------------------------------
+Wed Mar 4 12:17:56 UTC 2020 - Martin Pluskal
+
+- Use cmake macros
+
+-------------------------------------------------------------------
+Wed Mar 4 11:32:52 UTC 2020 - Danny Al-Gaaf
+
+- Update to version 1.90
+ * alias to vector element invalid after vector is changed
+ * improved value flow analysis for struct members
+ * improved value flow analysis for pointer alias
+ * CERT: Added ENV33-C: Do not call system()
+ * MISRA: added rules 2.7, 3.2, 4.2, 14.2, 21.1, 21.12
+
+- update to version 1.89
+ * The default warning message format was changed. The new format
+ is similar to GCC. If you want to get warnings in the old
+ format, add --template=cppcheck1 to the command line.
+ * improved value flow analysis for pointer aliases
+ * improved checking for uninitialized variables/structs
+ * better checking of smart pointers
+ * better checking of global variables
+ * Added Cppcheck annotations cppcheck_low(VALUE) and
+ cppcheck_high(VALUE)
+ * shadow variables; warn when argument is shadowed
+ * warn if local reference variable can be const
+ * Added API01-C: Avoid laying out strings in memory directly
+ before sensitive data
+ * Added MSC24-C: Do not use deprecated or obsolescent functions
+ * Added STR11-C: Do not specify the bound of a character array
+ initialized with a string literal
+ * MISRA: added rules 17.2, 18.4, 18.7
+
+-------------------------------------------------------------------
+Mon Jul 1 08:22:46 UTC 2019 - Martin Liška
+
+- Update to version 1.88:
+ * Comparing pointers that point to different objects
+ * Address of local variable 'x' is accessed at non-zero index
+ * STL usage: unnecessary search before insertion
+ * Duplicate expression for condition and assignment: if (x==3) x=3;
+ * Better handling of C++14 and C++17
+ * New command line option --addon used to run addons directly from Cppcheck.
+ * Some advanced options are only available in GUI:
+
+- Update to version 1.87:
+ * --project can now import Cppcheck GUI projects.
+ * Condition is always true when array address is compared with 0.
+ * function argument expression calculation has known result (#8830)
+ * Better lifetime checking (using pointer/reference that points at deleted object)
+ * Improved whole program analysis
+ * Better handling of language extension var@address.
+ * Many improvements in parser to handle templates, type aliases, etc better
+ * New addon for checking naming conventions. Naming conventions are configured in json file.
+
+-------------------------------------------------------------------
+Thu Jan 3 18:13:49 UTC 2019 - Nemanja V
+
+- Workaround for CMake lacking a CFGDIR variable.
+ * Patch was submitted (https://github.com/danmar/cppcheck/pull/1554)
+ and accepted so this change should be reverted and replaced with a CMake compile definition
+ -DCFGDIR=\"%{_datadir}/%{name}\" once a new upstream version is released.
+
+-------------------------------------------------------------------
+Thu Dec 27 10:03:28 UTC 2018 - Martin Pluskal
+
+- Small packaging enhancements
+
+-------------------------------------------------------------------
+Thu Dec 20 13:40:09 UTC 2018 - Christoph G
+
+- Use Python 3 instad of Python 2
+- Switch to CMake as the used build system, otherwise Python 3
+ could not be detected by plain make
+
+-------------------------------------------------------------------
+Wed Dec 19 21:31:18 UTC 2018 - Christoph G
+
+- Update to 1.86
+ * Many fixes in the template simplifier
+ * Several fixes in the abstract syntax tree.
+ Checking improvements:
+ * New check: passing address of char to function that expects a
+ strz
+ * New check: shadow variables
+ * Improved lifetime checking
+ * Improved STL iterators checking
+ * Improved data flow analysis
+ New libraries:
+ * zlib
+ * googletest
+ Addons:
+ * misra.py: Fixes for suppressions and exclusions
+ * namingng.py: New addon to check naming conventions. Rules are
+ specified in json file.
+
+-------------------------------------------------------------------
+Thu Oct 18 08:43:15 UTC 2018 - mvetter@suse.com
+
+- Update to 1.85:
+ Changes from 1.83:
+ Command line:
+ - fixes in parser
+ - Improved loading of platform files.
+ GUI:
+ - few minor improvements in user interface
+ - Code preview
+ - Added MISRA addon integration
+ - Platform can be selected in project settings
+ - Fixed issue when loading xml results file
+ Addons:
+ - We are now officially releasing our MISRA addon. So far it supports MISRA C 2012.
+ Changes from 1.85:
+ General:
+ - We are modernizing the Cppcheck code. Support for MSVC 2010 and GCC 4.4 is dropped.
+ You now need a compiler that is at least as good as MSVC 2013 or GCC 4.6.
+ Checking improvements:
+ - New check: Suggest STL algorithms instead of hard-coded for loops
+ - New check: Warn about ineffective algorithms (same iterator passed)
+ - New check: Mismatching iterators used together in operators
+ - Container (STL/Qt/WxWidgets/etc) access out of bounds
+ - Improved the checkers that warns about same/opposite expressions, track variable values better.
+ - Variable scope: warn about references also
+ Graphical user interface:
+ - You can specify undefines in the project file dialog
+ - Fixed configuration of suppressions
+ - Windows: Fixed issue of wrong/no theme being applied to UI elements
+ Misra:
+ - support per file excludes from cppcheck
+ - support per file suppressions from cppcheck
+ - summary will now summarize results for all files again
+ - a few false positives were fixed
+
+-------------------------------------------------------------------
+Sun Feb 18 10:40:07 UTC 2018 - aloisio@gmx.com
+
+- Update to version 1.82
+ Bug fixes:
+ * Better handling of namespaces
+ * Fixed false positives
+ * Fixed parsing of compile databases
+ * Fixed parsing of visual studio projects
+ Enhancements
+ * New check; Detect mistakes when there are multiple strcmp() in
+ condition
+ Example:
+ if (strcmp(password,"A")==0 || strcmp(password,"B")==0 || strcmp(password,"C"))
+ There is a missing '==0', and therefore this condition is
+ always true except when password is "C".
+ * New check; pointer calculation result can't be NULL unless
+ there is overflow
+ Example:
+ someType **list_p = ...;
+ if ((list_p + 1) == NULL)
+ The result for '(list_p + 1)' can't be NULL unless there is
+ overflow (UB).
+ * New check; public interface of classes should be safe - detect
+ possible division by zero
+ Example:
+ class Fred {
+ public:
+ void setValue(int mul, int div) {
+ value = mul / div; // <- unsafe
+ }
+ ...
+ This check does not consider how Fred::setValue() is really
+ called.
+ If you agree that the public interface of classes should
+ always be safe; it should be allowed to call all public
+ methods with arbitrary arguments, then this checker will be
+ useful.
+ * Fixed a few false negatives
+ * More information in the cfg files
+
+ version 1.81
+ CPPCHECK:
+ * New warning: Check if condition after an early return is
+ overlapping and therefore always false.
+ * Improved knowledge about C/C++ standard, windows, posix,
+ wxwidgets, gnu
+ * Better handling of Visual Studio projects
+ GUI:
+ * Compile: Qt5 is now needed to build the GUI
+ * Compile: New qmake flag HAVE_QCHART
+ * Project: You can now run cppcheck-addons
+ * Project: We have integrated clang-tidy
+ * Results view: Reload last results (if cppcheck build dir is
+ used) when GUI is started
+ * Results view: Tag the warnings with custom keywords
+ (bug/todo/not important/etc..)
+ * Results view: Shows when warning first appeared (since date)
+ * Results view: Suppress warnings through right-click menu
+ * Statistics: Added charts (shown if Qt charts module is enabled
+ during build)
+
+ version 1.80
+ Checking improvements:
+ * Added platform for Atmel AVR 8 bit microcontrollers (avr8)
+ * Better 'callstacks' in cppcheck messages
+ * Improved gnu.cfg, posix.cfg, wxwidgets.cfg and std.cfg, added
+ motif.cfg
+ * Various improvements to AST, ValueFlow analysis and template
+ parsing
+ Command line changes:
+ * Deprecated command line argument *-append has been removed
+ * New command line argument *-plist-output to create .plist
+ files
+ * New command line argument *-output-file to print output to
+ file directly
+ * Check OpenCL files (.cl)
+ GUI:
+ * Support export of statistics to PDF
+ * Several small usability improvements
+
+ * Additionally, lots of false positives and bugs have been fixed
+ and several existing checks have been improved.
+
+ version 1.79
+ General changes:
+ * C++ code in C files is rejected now (use *-language=c++ to
+ enforce checking the code as C++)
+ * Write function access type to XML dump
+ Checking improvements:
+ * Improved configuration extraction in preprocessor
+ * Improved accuracy of AST
+ * Improved template parsing
+ * Improved support for (STL) containers in SymbolDatabase
+ * Improved support for C++11's 'auto' type
+ * Experimental support for uninitialized variables in ValueFlow
+ analysis
+ * Added qt.cfg and sfml.cfg, improved several existing .cfg files
+ GUI:
+ * Use CFGDIR macro
+
+ * Additionally, lots of false positives and bugs have been fixed
+ and several existing checks have been improved.
+
+ version 1.78
+ General changes:
+ * Reduced memory usage by up to 10% by reducing size of token
+ list
+ New checks:
+ * Mismatching argument names between function declaration and
+ definition
+ * Detect classes which have a copy constructor but no copy
+ operator and vice versa
+ Checking improvements:
+ * Improved matching of overloaded functions
+ * Improved ValueType analysis, especially related to allocations
+ with "new" and C++11's "auto"
+ * Improved support for C++11 brace initialization
+ * Improved ValueFlow analysis
+ * Improved template parsing
+ * Improved detection of memory leaks
+ * Improved nullpointer checking when nullptr and NULL are used
+ * Detect array out of bounds across compilation units
+ * Extended windows.cfg, posix.cfg and std.cfg
+
+ * Additionally, lots of false positives and bugs have been fixed
+ and several existing checks have been improved.
+ +------------------------------------------------------------------- +Tue Mar 21 10:28:21 UTC 2017 - mpluskal@suse.com + +- Use qmake macros +- Run spec-cleaner + +------------------------------------------------------------------- +Tue Mar 21 08:09:22 UTC 2017 - fvogt@suse.com + +- Update to version 1.77: + * Added flag --cppcheck-build-dir to allow incremental analysis and inter-file checking + * Improved --project support for Visual Studio solutions + * Detect pointer overflow + * Detect usage of variable after std::move or std::forward + * Warn about number and char literals in boolean expressions + * Improved checking for variables modified but not used again + * Libraries: Added support to specify + * Improved ValueFlow, especially related to function return values and casts + * Improved simplification of Null values to allow more accurate checking + * Several improvements to windows.cfg, posix.cfg, gnu.cfg and std.cfg + * Reimplemented check for using iterators of mismatching containers... read more +- Always build Qt5 GUI + +------------------------------------------------------------------- +Sat Feb 20 18:58:43 UTC 2016 - crrodriguez@opensuse.org + +- Build the GUI against QT5 in newish products. + +------------------------------------------------------------------- +Tue Sep 15 13:00:50 UTC 2015 - Adam Mizerski + +- update to 1.70 + * General changes: + - New version of .cfg file format, adding support for + namespaces and declaring several functions at once + - Support building x64 installer for Windows; Both x64 and x86 + builds are now provided + - Warn about deprecated options --suppressions and + --exitcode-suppressions. 
They will be removed in future + - Added debugging option --debug-normal, which prints out debug + output before second stage simplification + * New checks: + - Warn about modifying string literals + - Detect declaration of variable length arrays with negative + size + - Warn about implicit type conversion from int to long + - Warn about redundant code in conditions like (y || (!y && z)) + - Detect conditions with known result + - Race condition: non-interlocked access after + InterlockedDecrement() + - Detect unused 'goto' labels + * Removed checks: + - Do no longer warn about a bug in scanf implementation of + ancient glibc versions + - Multifile analysis (added in 1.69) has been removed because + it did not work + - Removed ExecutionPath checker, which has been superseeded by + ValueFlow analysis + * Improvements: + - Support hexadecimal floating point numbers (C99) + - Support [[deprecated]] (C++14) + - Improved handling of sizeof() + - Improved handling of reserved keywords + - Better handling of C declaration specifiers; support + complex/_Complex (C99) + - Better handling of ternary operator in ValueFlow analysis + - Lots of improvements to .cfg files, especially std.cfg, which + now supports namespace std + - Improved performance and memory usage of Preprocessor + - Improved performance of matchcompiler + - Reduced Disk IO when ignoring paths + - Removed several obsolete simplifications + - Added python addons: naming.py, threadsafety.py and cert.py + * GUI: + - Support printing + - Added item "Open containing folder" to context menu + * Additionally, lots of false positives and bugs have been fixed + and several existing checks have been improved. 
+ +------------------------------------------------------------------- +Fri May 15 13:48:34 UTC 2015 - Adam Mizerski + +- update do 1.69 + * General changes: + - Added flag --platform=native, when it is used type sizes and + behaviour of host system are used + - Backward compatibility for Libary files is now working. + Future cppcheck versions will be able to use libraries + written for previous versions + - Windows 32 bit builds now set /LARGEADDRESSAWARE, so that + they can use up to 4 GiB + * New checks: + - Detect bad bitmask checks (usage of | where & should be used) + - Suggest usage of "explicit" for constructors with a single + parameter + - Suggest usage of make_shared/make_unique + - Warn about usage of malloc with auto_ptr + - Detect redundant pointer operations like &*ptr + * Improvements: + - Support std::array (C++11) + - Detect same expressions in both branches of a ternary + operator + - New -tags in libraries to configure STL (and + similar) container types + - Several improvements to ValueFlow analysis (for example + support for default function arguments) + - Improved buffer overrun and memory leak checking + - Removed a bunch of redundant checking code + - Removed several simplifications + - Stronger matching of library functions + - Lots of additions to std.cfg and posix.cfg + - New library for Microsoft SAL (microsoft_sal.cfg) + - Improved C++11 template parsing (">>" as closing brackets, + variadic templates) + - Added statistics to htmlreport + * GUI: + - Fixed language selection + +------------------------------------------------------------------- +Thu Jan 8 11:04:07 UTC 2015 - danny.al-gaaf@bisect.de + +- update to 1.68: + * New checks: + - Multifile checking for buffer overruns and uninitialized + variables + * Improvements: + - Libraries are now able to contain platform specific types + - Improved handling of function overloads + - Improved handling of integer literal suffixes + - Improved stability of template parsing + - Improved 
accuracy of ValueFlow analysis + - Improved checking of pointer overflow + - Support noexcept(false) + - Support __attribute__((noreturn)) + - A bunch of additions to several Libraries, especially + posix.cfg and qt.cfg + * Additionally, lots of false positives and bugs have been fixed + and several existing checks have been improved. + +------------------------------------------------------------------- +Wed Oct 22 05:00:02 UTC 2014 - danny.al-gaaf@bisect.de + +- update to 1.67: + * General changes: + - Library files have now a 'format' attribute. Format version + 1 is assumed by default + - Cppcheck does no longer abort checking if unhandled + characters (Non-ASCII) are found + * New checks: + - Check for unused return values + - Detect shift by too many bits, signed integer overflow and + dangerous sign conversion + - Recommend usage of expm1(), log1p(), erfc() + - Division by sizeof() as parameter to memset/memcpy/ + memmove/etc. as they expect a size in bytes + - Several new va_arg related checks: + -- Wrong parameter passed to va_start() + -- Reference passed to va_start() + -- Missing va_end() + -- Using va_list before it is opened + -- Subsequent calls to va_start/va_copy() + - Initialization by itself in initializer list + - Dead pointer usage when pointer alias local variable that + has gone out of scope + * Improvements: + - Support uniform initialization syntax (C++11) + - Much improvements to value flow analysis + - Improved AST creation (support placement new, C++-style + casts, templates, operator new[], ...) + - Improved lambda support + - Support GCC extension __attriute__((used)) and MSVC + extension __declspec(property) + - Better support for static member variables, inherited + variables and namespaces + - Improved typedef support where multiple variables are + declared at once + - Avoid checking code multiple times by calculating a checksum. + Duplicate preprocessor configurations are eliminated by this. 
+ - Support C++03/C 'auto' keyword + - HTML report: display 'verbose' message using clickable + expandable divs + * Additionally, lots of false positives and bugs have been fixed + and several existing checks have been improved. + +------------------------------------------------------------------- +Mon Sep 1 21:03:35 UTC 2014 - danny.al-gaaf@bisect.de + +- update to 1.66: + * new checks added: + - Compare pointer with '\0' + - Assigning boolean expression to floating point variables + * Improvements: + - Much improved AST + - Much improved ValueFlow analysis + - ValueFlow and AST now used by much more checks, improving + checking accuracy and performance + - Checking for self assignment now supports more complex + expressions + - Returning references to literals or references to calculation + results is detected + - Enhanced support for commutative operators in duplicate + expression checking + - Improved template/enum parsing + - Much improved htmlreport + - Definition of POD types in .cfg files + - Definition of minsize for buffer arguments in .cfg files + for buffer overflow checking + - Fixed handling of #error: Do not report them if -f and -D + are used together + - New .cfg file for AVR platform + - Generate xml dump of AST/ValueFlow/SymbolDatabase/TokenList + if --dump is given + - Improved performance in several cases + +------------------------------------------------------------------- +Sun May 11 20:56:06 UTC 2014 - danny.al-gaaf@bisect.de + +- update to 1.65: + * General changes: + - Cppcheck requires a C++11 compiler supporting the common + subset of features supported by GCC 4.4, Visual Studio 2010 + and Clang 2.9 + * Improvements: + - Much improved support of complex combinations of function + pointers, arrays and references + - Better handling of syntax errors + - Better detection of stack variables passed to free() + - Much improved value flow analysis + - More robust error detection in several checks due to usage + of AST + - Better handling of 
unknown Macros in function declarations + - Allocation/Deallocation functions can be extend across + different .cfg files + - Better handling of some C++11 language features like enum + class, in-class member initializers + - Detect calling (std::)abs() with bool argument + * New checks: + - Check for noexcept and __attribute__((nothrow)) correctness + - Check for unhandled exceptions when exception specifiers + are used + - Access to empty STL containers + - Repositioning operation on a file opened in append mode + - Find nested redundant if-statements (was experimental before) + * Additionally, a large number of false positives and crashs + has been fixed. + +------------------------------------------------------------------- +Thu May 1 21:46:42 UTC 2014 - danny.al-gaaf@bisect.de + +- update to 1.64 + * See http://sourceforge.net/p/cppcheck/news/ for changes. + +------------------------------------------------------------------- +Mon Jan 13 09:05:19 UTC 2014 - adam@mizerski.pl + +- Bundle config files. + +------------------------------------------------------------------- +Fri Jan 10 20:18:57 UTC 2014 - adam@mizerski.pl + +- update to 1.63 + * See http://sourceforge.net/p/cppcheck/news/ for changes. +- spec cleanups: + * Used format_spec_file service for general cleanup. + * Everything compiles with %optflags now. + * Added SRCDIR=build CFGDIR=cfg HAVE_RULES=yes options as suggested + in the readme.txt + * Added cppcheck.1 man page creation. + * Cleaned up BuildRequires tags. + * Added missing Requires: python* tags. + * Removed unneded "python ./setup.py install". + * Added COPYING to installed docs. + * Updated homepage URL. + +------------------------------------------------------------------- +Thu Apr 11 09:30:47 UTC 2013 - dalgaaf@suse.de + +- update to 1.59: + * Commandline/Settings changes: + - New option to enable warnings but not style messages: + --enable=warning + - Cppcheck used to skip includes where the header filename + is enclosed in <>. 
You can now include these headers also by + using -I. + * New checks: + - New POSIX checks: pipe() buffer size, redundant calls of + set/get user id, too big value passed to usleep(), buffer + overflow when using write() + - Storing getc() return value in char variable and comparing + to EOF. + - Detect redundant bitand operations + - Find suspicious equality comparisons like: if(a == 0) a == 1; + - Warn about using malloc() for classes containing virtual + methods, std::-objects or constructors + - Portability check that warns when using NULL as argument to + variadic function. It has undefined behaviour on some + implementations. + * Improvements: + - Improved lookup for functions and types + - Switched to TinyXml2 as XML library + - Improved checking for uninitialized struct members, + variable scopes that can be reduced and unused functions + * GUI: + - Remember last path in open file dialog + - Added command line parameter to open a results file + - Bug in statistic calculation fixed + +------------------------------------------------------------------- +Fri Feb 8 07:46:59 UTC 2013 - highwaystar.ru@gmail.com + +- update to 1.58 + * Commandline/Settings changes: + - Added --include to the cppcheck command line client. This forces + inclusion of the given file. This can for instance be used + instead of --append and will then allow you to use #define etc also. + - The threads handling has been improved. Using -jN now works in + windows also. + + * Improvements: + - NULL pointers: Improved checking of default function + argument values. 
+ +------------------------------------------------------------------- +Wed Dec 26 04:11:57 UTC 2012 - mrdocs@opensuse.org + +- update to 1.57 + * Many bug fixes and additions + * Now requires Qt 4.8.3+ + * Complete versioned change log from 1.53-1.57: + https://sourceforge.net/news/?group_id=195752 + +------------------------------------------------------------------- +Sat Mar 10 20:10:56 CET 2012 - jslaby@suse.de + +- update to 1.53 + * 1.53: improved existing checks to detect more errors + * 1.52: added new checks + * 1.51: added new checks and fixed many false positives and false + negatives + +------------------------------------------------------------------- +Sun Aug 28 11:45:37 UTC 2011 - asn@cryptomilk.org + +- update to 1.50 + * Check for std::auto_ptr misuse (related to strict ownership). + * Read array and then immediately check if the array index is + within limits. + * Assign pointer to int/long. + * Assign bool to pointer. + * Duplicate "break" statements in switch. + * Matching "if" and "else if" conditions when using bitwise and. + * Matching assigment and condition when using bitwise and test if + unsigned value is less than zero + +------------------------------------------------------------------- +Mon Aug 8 03:54:42 UTC 2011 - mrdocs@opensuse.org +- version bump to 1.49 +- full change log + http://raw.github.com/danmar/cppcheck/master/Changelog + +------------------------------------------------------------------- +Mon Apr 11 08:46:59 UTC 2011 - asn@cryptomilk.org + +- update to 1.48 + +------------------------------------------------------------------- +Thu Jan 6 13:48:46 CET 2011 - asn@cynapses.org + +- Added a seperate package for the gui. +- Added cppcheck-htmlreport. 
+ +------------------------------------------------------------------- +Sun Oct 3 22:58:13 UTC 2010 - adam@mizerski.pl + +- update to 1.45 + +------------------------------------------------------------------- +Sun Aug 22 17:03:39 UTC 2010 - mrdocs@opensuse.org + +- Updated to 1.44 +- take over maintership + +------------------------------------------------------------------- +Tue Jun 1 21:04:39 UTC 2010 - bitshuffler #suse@irc.freenode.org + +- Updated to 1.43 + +------------------------------------------------------------------- +Mon Oct 26 19:04:25 UTC 2009 - bitshuffler #suse@irc.freenode.org + +- Updated to 1.38 + +------------------------------------------------------------------- +Wed Sep 30 19:21:51 UTC 2009 - bitshuffler #suse@irc.freenode.org + +- Updated to 1.37 + +------------------------------------------------------------------- +Sat May 16 03:32:31 CEST 2009 - bitshuffler #suse@irc.freenode.org + +- Updated to 1.32 + +------------------------------------------------------------------- +Wed Apr 15 03:32:31 CEST 2009 - bitshuffler #suse@irc.freenode.org + +- Updated to 1.31 + +------------------------------------------------------------------- +Wed Mar 11 03:32:31 CEST 2009 - bitshuffler #suse@irc.freenode.org + +- Updated to 1.30 + +------------------------------------------------------------------- +Tue Feb 10 03:32:31 CEST 2009 - bitshuffler #suse@irc.freenode.org + +- Initial RPM diff --git a/cppcheck.spec b/cppcheck.spec new file mode 100644 index 0000000..0e4a685 --- /dev/null +++ b/cppcheck.spec 
@@ -0,0 +1,135 @@
+#
+# spec file for package cppcheck
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: cppcheck
+Version: 2.15.0
+Release: 0
+Summary: A tool for static C/C++ code analysis
+License: GPL-3.0-or-later
+URL: https://github.com/danmar/cppcheck
+Source: https://github.com/danmar/cppcheck/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+BuildRequires: cmake
+BuildRequires: docbook-xsl-stylesheets
+BuildRequires: fdupes
+BuildRequires: gcc-c++
+BuildRequires: libqt5-linguist-devel
+BuildRequires: pkgconfig
+BuildRequires: python3-base
+BuildRequires: xsltproc
+BuildRequires: z3-devel
+BuildRequires: pkgconfig(Qt5Core)
+BuildRequires: pkgconfig(Qt5Gui)
+BuildRequires: pkgconfig(Qt5Help)
+BuildRequires: pkgconfig(Qt5Network)
+BuildRequires: pkgconfig(Qt5PrintSupport)
+BuildRequires: pkgconfig(Qt5Test)
+BuildRequires: pkgconfig(Qt5Widgets)
+BuildRequires: pkgconfig(libpcre)
+ExcludeArch: %ix86 %arm
+Requires: python3-Pygments
+
+%description
+This program tries to detect bugs that your C/C++ compiler don't see. Cppcheck
+is versatile. You can check non-standard code that includes various compiler
+extensions, inline assembly code, etc. Checking covers for example these
+errors:
+
+ * Out of bounds
+ * Uninitialized member variable 'classname::varname'
+ * Using 'memfunc' on class
+ * Using 'memfunc' on struct that contains a 'std::classname'
+ * Class Base which is inherited by class Derived does not have a virtual
+ destructor
+ * Memory leak: varname
+ * Resource leak: varname
+ * Deallocating a deallocated pointer: varname
+ * Using 'varname' after it is deallocated / released
+ * Invalid radix in call to strtol or strtoul. Must be 0 or 2-36
+ * Overlapping data buffer varname
+ * Unsigned division. The result will be wrong.
+ * Unusual pointer arithmetic
+
+%package gui
+Summary: A tool for static C/C++ code analysis
+Requires: cppcheck
+
+%description gui
+
+This is the gui for Cppcheck, a program to detect bugs that your C/C++ compiler
+doesn't see.
+
+%prep
+%autosetup -p1
+
+%build
+%cmake \
+ -DCMAKE_CXX_FLAGS="%{optflags} -UNDEBUG" \
+ -DFILESDIR="%{_datadir}/%{name}" \
+ -DBUILD_GUI=ON \
+ -DBUILD_TESTS=ON \
+ -DHAVE_RULES=yes \
+ -DUSE_Z3=yes
+%cmake_build
+
+# does not work with CMake, directly call provided Makefile from source directory
+cd ..
+%make_build man \
+ DB2MAN=%{_datadir}/xml/docbook/stylesheet/nwalsh/current/manpages/docbook.xsl
+
+# use python3 as interpreter
+sed -i "s|env python3|python3|g" htmlreport/cppcheck-htmlreport
+
+%check
+export CXXFLAGS="%{optflags}"
+%define _smp_mflags -j1
+%ctest
+
+%install
+install -Dpm 0755 build/bin/cppcheck \
+ %{buildroot}%{_bindir}/cppcheck
+install -Dpm 0755 htmlreport/cppcheck-htmlreport \
+ %{buildroot}%{_bindir}/cppcheck-htmlreport
+install -Dpm 0755 build/bin/cppcheck-gui \
+ %{buildroot}%{_bindir}/cppcheck-gui
+install -Dpm 0644 cppcheck.1 \
+ %{buildroot}%{_mandir}/man1/cppcheck.1
+install -d %{buildroot}%{_datadir}/%{name}/cfg
+install -pm 0644 cfg/*.cfg %{buildroot}%{_datadir}/%{name}/cfg
+install -d %{buildroot}%{_datadir}/%{name}/platforms
+install -pm 0644 platforms/*.xml %{buildroot}%{_datadir}/%{name}/platforms
+install -d %{buildroot}%{_datadir}/%{name}/addons
+install -pm 0644 addons/*.py %{buildroot}%{_datadir}/%{name}/addons
+# Give execute permission to python addons with a shebang to fix non-executable-script
+find %{buildroot}%{_datadir}/%{name}/addons -type f -size +0 -exec awk 'NR == 1 && /^#!.*python/ { exit } { exit 1 }' {} \; -print0 | xargs -0 chmod +x
+# Correct shebang to fix env-script-interpreter
+find %{buildroot}%{_datadir}/%{name}/addons -type f -size +0 -exec awk 'NR == 1 && /^#!.*python/ { exit } { exit 1 }' {} \; -print0 | xargs -0 sed -i "s|env python3|python3|g"
+# Remove duplicate files
+%fdupes -s %{buildroot}%{_datadir}/%{name}/platforms
+
+%files
+%doc AUTHORS
+%license COPYING
+%{_bindir}/cppcheck
+%{_bindir}/cppcheck-htmlreport
+%{_datadir}/%{name}/
+%{_mandir}/man1/cppcheck.1%{?ext_man}
+
+%files gui
+%{_bindir}/cppcheck-gui
+
+%changelog
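Review bot: The two `find … -print0 | xargs -0` pipelines in `%install` touch more than the shebang and are fragile on empty input. `sed -i "s|env python3|python3|g"` rewrites every occurrence of `env python3` in each addon (the same unanchored pattern is used on `htmlreport/cppcheck-htmlreport` in `%build`), and GNU `xargs` without `-r` still runs `chmod`/`sed` once with no file argument when `find` matches nothing, which would presumably fail the build. Limiting the substitution to line 1 and adding `-r` keeps the edit to what the comments describe: `xargs -0 -r chmod +x` and `xargs -0 -r sed -i "1s|env python3|python3|"`. Separately, `Requires: cppcheck` in `%package gui` is unversioned, so the GUI can be installed against an older main package's `%{_datadir}/%{name}` data; `Requires: %{name} = %{version}` would keep the two in step.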