* Show premium autosar/misra/cert style issues even if --enable
is not used
* Better validation of --premium options
* unsafe handling of unconditional #error
* unsafe suppressions of critical errors
* missing "misra-config" warning, calling unknown function in
condition
* If --premium=safety is used then go to "safety mode". Do not
override this in cppcheck.cfg
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=124
- update to 2.13.0
* newCheck passedByValueCallback for functions which take a
parameter by value but are used as callbacks
* newCheck returnImplicitInt for C functions without return type
* newCheck iterateByValue for iterating by value in a range-based
for loop when a const reference could be used
- Drop patches werror-return-type.patch, eb076d87.patch, and
CVE-2023-39070.patch which are part of upstream or fixed in a
similar way.
OBS-URL: https://build.opensuse.org/request/show/1134958
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=122
* uselessOverride finds overriding functions that either
duplicate code from or delegate back to the base class
implementation
* knownPointerToBool finds pointer to bool conversions that are
always true or false
* truncLongCastAssignment and truncLongCastReturn check
additional types, including float/double/long double
* duplInheritedMember also reports duplicated member functions
* constParameter*/constVariable* checks find more instances of
pointers/references that can be const, e.g. when calling
library functions
* Write how many checkers was activated after a run
* Added --checkers-report that can be used to generate a report
in a file that shows what checkers was activated and disabled
* The qmake build system has been deprecated and will be
removed in a future version.
* Command-line option '--template
- update to 2.11:
* pop_back on empty container is UB
* Improve useStlAlgorithm check to handle many more conditions
in the loop for any_of, all_of and none_of algorithms
* ValueFlow can evaluate the return value of functions even
when conditionals are used
* ValueFlow will now forward the container sizes being returned
from a function
* ValueFlow can infer possible values from possible symbolic
values
* Improve valueflow after pushing to container
* The new option --check-level= has been added that controls
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=113
* Many improvements and fixes in checkers.
* New check: use memset/memcpy instead of loop
CLI:
* if the file provided via "--file-list" cannot be opened it
will now error out
* add command-line option "--disable=" to individually disable
checks
GUI:
* Detect when installed version is old. There is setting in
Edit/Preferences to turn this on.
* Fix path issue with backslashes
* Cleanup *.ctu-info files after analysis
Build:
* the deprecated Makefile option SRCDIR is no longer accepted
* added CMake option BUILD_CORE_DLL to build lib as
cppcheck-core.dll with Visual Studio
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=102
* restored check for negative allocation (new[]) and negative VLA sizes from
cppcheck 1.87 (LCppC backport)
* replaced hardcoded check for pipe() buffer size by library configuration
option (LCppC backport)
* on Windows the callstack is now being written to the output specific via
"--exception-handling"
* make it possible to disable the various exception handling parts via the
CMake options "NO_UNIX_SIGNAL_HANDLING", "NO_UNIX_BACKTRACE_SUPPORT" and
"NO_WINDOWS_SEH"
* detect more redundant calls of std::string::c_str(), std::string::substr(),
and unnecessary copies of containers
* Add a match function to addon similiar to Token::Match used internally by
cppcheck:
* | for either-or tokens(ie struct|class to match either struct or class)
* !! to negate a token
* It supports the %any%, %assign%, %comp%, %name%, %op%, %or%, %oror%, and %var% keywords
* It supports (*), {*}, [*], and <*> to match links
* @ can be added to bind the token to a name
* ** can be used to match until a token
* Add math functions which can be used in library function definition. This
enables evaluation of more math functions in ValueFlow
* Further improve lifetime analysis with this pointers
* Propagate condition values from outer function calls
* Add debug intrinsics debug_valueflow and debug_valuetype to show more
detail including source backtraces
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=98
* Lifetime analysis can now track lifetime across user-defined constructors
when they are inline and using member initializer list.
* SymbolDatabase can now deduce iterator types from how they are specified in
the library files.
* ValueFlow can evaluate class member functions that return known values.
* Improve duplicateValueTenary to not warn when used as an lvalue or when one
branch has side effects
* Fix variableScope to not warn when variables are used in lambda functions
* Fix unassignedVariable warnings when using structured bindings
* Fix redundantInitialization warning when variable is used in a lambda
* Fix variableScope warnings when using if/while init-statement
* Improve lifetime analysis when returning variadic template expressions
* Detect more statements with constStatement
* Detect variableScope for more types
* Improvements to unreadVariable
* Detect more instances of C style casts
* Warn if the return value of new is discarded
* The pre-ValueFlow uninitialized checker now uses a different ID as legacyUninitvar
* Extended library format to exclude specific function argument values
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=94
* Add support for container views. The view attribute has been added to the
<container> library tag to specify the class is a view. The lifetime
analysis has been updated to use this new attribute to find dangling
lifetime containers.
* Various checker improvements.
* Fixed false positives.
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=85
- update to 2.6.2:
* New checks in core cppcheck:
* missing return in function
* writing overlapping data, detect undefined behavior
* compared value is out of possible type range
* Copy elision optimization can't be applied for return std::move(local)
* file can not be opened for read and write access at the same
time on different streams
* Various improvements
- drop 0001-Fix-compilation-with-recent-glibc-where-SIGSTKSZ-is-.patch (upstream)
OBS-URL: https://build.opensuse.org/request/show/935858
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=83
* checked that all features in c++11, c++14, c++17 are supported
* c++20 support is improved but not complete yet
* improved library files, better knowledge about APIs
* improved checks to detect more bugs
* fixed checks to avoid unwanted warnings
* suspicious container/iterator assignment in condition
* rethrow without current handled exception
- drop 0002-Another-gcc11-fix-3179.patch, 0001-Fix-gcc11-build-errors.patch: upstream
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=81
- Update to version 2.3
Improved C++ parser:
* types
* wrong operands in ast
* better simplification of templates
Improved clang import, various fixes.
Improved value flow analysis
Fixed false positives
Improved configuration in library files
* boost.cfg
* googletest.cfg
* qt.cfg
* windows.cfg
* wxwidgets.cfg
Added several Misra rules:
* 6.1
* 6.2
* 7.2
* 7.4
* 9.2
* 10.2
* 15.4
Added platforms:
* elbrus e1c+
* pic
* pic8
* mips
- Update to version 2.2
New checks:
* incorrect usage of mutexes and lock guards
* Dereference end iterator
* Iterating a known empty container
* outOfBounds check for iterators to containers
Removed 'operator=' check that ensures reference to self is returned. That is not about safety.
Improved parser
* various ast fixes
Clang parser
* The Clang import feature in Cppcheck should be considered to be experimental for now. There are problems.
Improved bug hunting
* variable constraints
* handling of multidimension arrays
* function calls, execute functions that are in same TU
* improved handling of containers
* several improvements for uninitialized variables check
* improved analysis of for loops
* added a hash value for warnings that can be used for suppressions
Improved data flow
* one more heuristic for ternary operators
* improved data flow for containers
CLI:
* Fixed some addon execution problems when there are spaces etc
GUI:
* Fix handling of tags
* Exclude files
cppcheck-htmlreport:
* several result files can be combined into 1 output
Suppressions:
* comments can be added at end of suppression in suppressions file
OBS-URL: https://build.opensuse.org/request/show/855374
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=72
- Update to version 2.1
* We have tweaked build scripts.
* When you use USE_Z3=yes, we will handle new versions of z3 better. If you
have an old z3 library and get compilation problems you will need to add
a z3_version.h in externals.
* The cmake scripts was updated.
* There was a couple of bug fixes.
New check:
* for "expression % 1" the result is always 0.
- Run spec-cleaner
* Remove rpm groups
- Enable Z3 build flag
OBS-URL: https://build.opensuse.org/request/show/820762
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=70
- Update to version 1.90
* alias to vector element invalid after vector is changed
* improved value flow analysis for struct members
* improved value flow analysis for pointer alias
* CERT: Added ENV33-C: Do not call system()
* MISRA: added rules 2.7, 3.2, 4.2, 14.2, 21.1, 21.12
- update to version 1.89
* The default warning message format was changed. The new format
is similar to GCC. If you want to get warnings in the old
format, add --template=cppcheck1 to the command line.
* improved value flow analysis for pointer aliases
* improved checking for uninitialized variables/structs
* better checking of smart pointers
* better checking of global variables
* Added Cppcheck annotations cppcheck_low(VALUE) and
cppcheck_high(VALUE)
* shadow variables; warn when argument is shadowed
* warn if local reference variable can be const
* Added API01-C: Avoid laying out strings in memory directly
before sensitive data
* Added MSC24-C: Do not use deprecated or obsolescent functions
* Added STR11-C: Do not specify the bound of a character array
initialized with a string literal
* MISRA: added rules 17.2, 18.4, 18.7
OBS-URL: https://build.opensuse.org/request/show/781469
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=64
- Update to version 1.88:
* Comparing pointers that point to different objects
* Address of local variable 'x' is accessed at non-zero index
* STL usage: unnecessary search before insertion
* Duplicate expression for condition and assignment: if (x==3) x=3;
* Better handling of C++14 and C++17
* New command line option --addon used to run addons directly from Cppcheck.
* Some advanced options are only available in GUI:
- Update to version 1.87:
* --project can now import Cppcheck GUI projects.
* Condition is always true when array address is compared with 0.
* function argument expression calculation has known result (#8830)
* Better lifetime checking (using pointer/reference that points at deleted object)
* Improved whole program analysis
* Better handling of language extension var@address.
* Many improvements in parser to handle templates, type aliases, etc better
* New addon for checking naming conventions. Naming conventions are configured in json file.
OBS-URL: https://build.opensuse.org/request/show/712743
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=62
- Update to 1.85:
Changes from 1.83:
Command line:
- fixes in parser
- Improved loading of platform files.
GUI:
- few minor improvements in user interface
- Code preview
- Added MISRA addon integration
- Platform can be selected in project settings
- Fixed issue when loading xml results file
Addons:
- We are now officially releasing our MISRA addon. So far it supports MISRA C 2012.
Changes from 1.85:
General:
- We are modernizing the Cppcheck code. Support for MSVC 2010 and GCC 4.4 is dropped.
You now need a compiler that is at least as good as MSVC 2013 or GCC 4.6.
Checking improvements:
- New check: Suggest STL algorithms instead of hard-coded for loops
- New check: Warn about ineffective algorithms (same iterator passed)
- New check: Mismatching iterators used together in operators
- Container (STL/Qt/WxWidgets/etc) access out of bounds
- Improved the checkers that warns about same/opposite expressions, track variable values better.
- Variable scope: warn about references also
Graphical user interface:
- You can specify undefines in the project file dialog
- Fixed configuration of suppressions
- Windows: Fixed issue of wrong/no theme being applied to UI elements
Misra:
- support per file excludes from cppcheck
OBS-URL: https://build.opensuse.org/request/show/642826
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=53
- Update to version 1.82
Bug fixes:
* Better handling of namespaces
* Fixed false positives
* Fixed parsing of compile databases
* Fixed parsing of visual studio projects
Enhancements
* New check; Detect mistakes when there are multiple strcmp() in
condition
Example:
if (strcmp(password,"A")==0 || strcmp(password,"B")==0 || strcmp(password,"C"))
There is a missing '==0', and therefore this condition is
always true except when password is "C".
* New check; pointer calculation result can't be NULL unless
there is overflow
Example:
someType **list_p = ...;
if ((list_p + 1) == NULL)
The result for '(list_p + 1)' can't be NULL unless there is
overflow (UB).
* New check; public interface of classes should be safe - detect
possible division by zero
Example:
class Fred {
public:
void setValue(int mul, int div) {
value = mul / div; // <- unsafe
}
...
This check does not consider how Fred::setValue() is really
called.
If you agree that the public interface of classes should
always be safe; it should be allowed to call all public
methods with arbitrary arguments, then this checker will be
useful.
* Fixed a few false negatives
* More information in the cfg files
version 1.81
CPPCHECK:
* New warning: Check if condition after an early return is
overlapping and therefore always false.
* Improved knowledge about C/C++ standard, windows, posix,
wxwidgets, gnu
* Better handling of Visual Studio projects
GUI:
* Compile: Qt5 is now needed to build the GUI
* Compile: New qmake flag HAVE_QCHART
* Project: You can now run cppcheck-addons
* Project: We have integrated clang-tidy
* Results view: Reload last results (if cppcheck build dir is
used) when GUI is started
* Results view: Tag the warnings with custom keywords
(bug/todo/not important/etc..)
* Results view: Shows when warning first appeared (since date)
* Results view: Suppress warnings through right-click menu
* Statistics: Added charts (shown if Qt charts module is enabled
during build)
version 1.80
Checking improvements:
* Added platform for Atmel AVR 8 bit microcontrollers (avr8)
* Better 'callstacks' in cppcheck messages
* Improved gnu.cfg, posix.cfg, wxwidgets.cfg and std.cfg, added
motif.cfg
* Various improvements to AST, ValueFlow analysis and template
parsing
Command line changes:
* Deprecated command line argument *-append has been removed
* New command line argument *-plist-output to create .plist
files
* New command line argument *-output-file to print output to
file directly
* Check OpenCL files (.cl)
GUI:
* Support export of statistics to PDF
* Several small usability improvements
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
version 1.79
General changes:
* C++ code in C files is rejected now (use *-language=c++ to
enforce checking the code as C++)
* Write function access type to XML dump
Checking improvements:
* Improved configuration extraction in preprocessor
* Improved accuracy of AST
* Improved template parsing
* Improved support for (STL) containers in SymbolDatabase
* Improved support for C++11's 'auto' type
* Experimental support for uninitialized variables in ValueFlow
analysis
* Added qt.cfg and sfml.cfg, improved several existing .cfg files
GUI:
* Use CFGDIR macro
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
version 1.78
General changes:
* Reduced memory usage by up to 10% by reducing size of token
list
New checks:
* Mismatching argument names between function declaration and
definition
* Detect classes which have a copy constructor but no copy
operator and vice versa
Checking improvements:
* Improved matching of overloaded functions
* Improved ValueType analysis, especially related to allocations
with "new" and C++11's "auto"
* Improved support for C++11 brace initialization
* Improved ValueFlow analysis
* Improved template parsing
* Improved detection of memory leaks
* Improved nullpointer checking when nullptr and NULL are used
* Detect array out of bounds across compilation units
* Extended windows.cfg, posix.cfg and std.cfg
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
OBS-URL: https://build.opensuse.org/request/show/577725
OBS-URL: https://build.opensuse.org/package/show/devel:tools/cppcheck?expand=0&rev=51