
News

Analyzed almost 2 years ago, based on code collected over 2 years ago.
Posted 8 months ago by Daniel Marjamäki
Today, Cppcheck-2.7 is released.
Add support for container views. The view attribute has been added to the library tag to specify the class is a view. The lifetime analysis has been updated to use this new attribute to find dangling lifetime containers.
Various checker improvements.
Fixed false positives.
Posted 11 months ago by Daniel Marjamäki
Today a tool with the name Cppcheck Premium is launched. It integrates the open source Cppcheck tool and a premium addon into a package.
You will get:
* Open source Cppcheck command line tool.
* Analysis: Extra checking for memory errors, diagnoses one of the bugs reported in CVE-2019-15048.
* Security: Binaries and installer are signed using an organization certificate. (This removes the "Unknown Publisher" warning).
* Currently, Cppcheck Premium only includes a Windows installer. Feel free to contact us if you want Linux binaries.
More Cppcheck Premium features are coming, for example:
* Detect more memory errors and other undefined behavior
* Misra rule texts
* Improved Clang import
It will be free to use during November.
Cppcheck Premium is developed by the Swedish company Cppcheck Solutions AB. Cppcheck Solutions AB has ambitious goals for Cppcheck and will actively contribute to the open source Cppcheck project.
To get Cppcheck Premium, contact sales@cppchecksolutions.com
Posted 12 months ago by Daniel Marjamäki
New checks in core cppcheck:
* missing return in function
* writing overlapping data, detect undefined behavior
* compared value is out of possible type range
* [perf] Copy elision optimization can't be applied for return std::move(local)
* file can not be opened for read and write access at the same time on different streams
Various improvements:
* Color output for diagnostics is added for unix-based platforms.
* Added symbolic analysis for ValueFlow. A simple delta is used to compute the difference between two unknown variables.
* Rules using the "define" tokenlist can also match #include as well.
* Library tags can now use tag, so free functions that accept containers such as std::size, std::empty, std::begin, std::end, etc. can specify the yields or action for the container.
* Library tag can specify a tag for smart pointers that have unique ownership. Cppcheck now warns about dangling references to smart pointers with unique ownership.
* Fixed problems when --cppcheck-build-dir is used, that should now work better. It is recommended to use --cppcheck-build-dir to speed up Cppcheck analysis.
* htmlreport can now output author information (using git blame)
* More warnings about variables that are not const but can be const
Misra C 2012 compliance has been "completed"
All Misra C 2012 rules have been implemented except 1.1, 1.2 and 17.3. Including the rules in amendment 1 and amendment 2. The rules 1.1 and 1.2 must be checked with a compiler. The rule 17.3 can be checked by a compiler, for instance GCC.
Posted about 1 year ago by Daniel Marjamäki
A new Cppcheck release
Parser:
* various fixes
* checked that all features in c++11, c++14, c++17 are supported
* c++20 support is improved but not complete yet
Core:
* improved library files, better knowledge about APIs
* improved checks to detect more bugs
* fixed checks to avoid unwanted warnings
Changed output:
* try to use relative paths when using compile databases, if compile database is accessed with relative path
* updated XML; The file0 attribute is moved from to
Misra:
* fixed crashes and false positives
New checks:
* suspicious container/iterator assignment in condition
* rethrow without current handled exception
Posted over 1 year ago by Daniel Marjamäki
There have been questions before about how well Cppcheck handles the latest C++ standard language features. And unfortunately I feel I could not answer that very well. Lately I have been investigating C++20 (and below) support.
Cppcheck-2.4.1 has pretty good support overall for C++17 (and lower) and it also handles a few C++20 features. We have improved the parser and I now feel that latest Cppcheck development build supports all C++17 language features and a couple of additional C++20 features. The improved parser will be available in Cppcheck-2.5.
The builtin Cppcheck parser is designed to handle incomplete code and code with various compiler extensions. As a consequence it is not very strict. Therefore the checks do not have very strict requirements either. In my investigation I wanted to ensure that Cppcheck parser meets the requirements of the checks so you will catch bugs and avoid false positives.
Here is a table with my notes for C++17 language features:

| C++17 language feature | Supported |
| --- | --- |
| Making the text message for static_assert optional | Yes |
| Allow typename in a template template parameter | Yes |
| New rules for auto deduction from braced-init-list | Yes |
| Nested namespace definitions | Yes |
| Attributes for namespaces and enumerators | Yes |
| attribute [[fallthrough]] | Yes |
| attribute [[nodiscard]] | Yes |
| attribute [[maybe_unused]] | Yes |
| UTF-8 character literals | Yes |
| Hexadecimal floating-point literals | Yes |
| Use of auto as the type for a non-type template parameter | Yes |
| Constant evaluation for all non-type template arguments | Yes (template is not instantiated) |
| Fold expressions, for variadic templates | Yes (fold expressions are replaced by function call) |
| if constexpr | Yes |
| Structured binding declarations | Yes |
| Initializers in if and switch | Yes |
| copy-initialization and direct initialization (copy-elision) | Yes, not optimised |
| Some extensions on over-aligned memory allocation | Yes |
| Class template argument deduction | Yes (template is not instantiated) |
| Inline variables | Yes |
| __has_include | Yes |
| Value of __cplusplus changed to 201703L | Yes |
| Exception specifications were made part of the function type | Yes, not strict |
| Direct list initialization of enums | Yes |
| constexpr lambda | Yes |
| Lambda capture this by value | Yes |

The C++20 support is work in progress, and will hopefully be ready soon.
Posted over 1 year ago by Daniel Marjamäki
We have made a fix release with this little fix: The windows installer was fixed, there was a missing file for the Misra addon.
Posted over 1 year ago by Daniel Marjamäki
Fixed false negatives and false positives
New check; Detect one definition rule violations
Various improvements:
* MISRA improvements
* ImportProject fixes
* Various bug hunting improvements
* Fixes when importing AST from clang
Posted almost 2 years ago by Daniel Marjamäki
Improved C++ parser
- types
- wrong operands in ast
- better simplification of templates
Improved clang import, various fixes.
Improved value flow analysis
Fixed false positives
Improved configuration in library files
- boost.cfg
- googletest.cfg
- qt.cfg
- windows.cfg
- wxwidgets.cfg
Added several Misra rules:
- 6.1
- 6.2
- 7.2
- 7.4
- 9.2
- 10.2
- 15.4
Added platforms:
- elbrus e1c+
- pic
- pic8
- mips
Posted almost 2 years ago by Daniel Marjamäki
New checks:
* incorrect usage of mutexes and lock guards
* Dereference end iterator
* Iterating a known empty container
* outOfBounds check for iterators to containers
Removed 'operator=' check that ensures reference to self is returned. That is not about safety.
Improved parser
* various ast fixes
Clang parser
* The Clang import feature in Cppcheck should be considered to be experimental for now. There are problems.
Improved bug hunting
* variable constraints
* handling of multidimension arrays
* function calls, execute functions that are in same TU
* improved handling of containers
* several improvements for uninitialized variables check
* improved analysis of for loops
* added a hash value for warnings that can be used for suppressions
Improved data flow
* one more heuristic for ternary operators
* improved data flow for containers
CLI:
* Fixed some addon execution problems when there are spaces etc
GUI:
* Fix handling of tags
* Exclude files
cppcheck-htmlreport:
* several result files can be combined into 1 output
Suppressions:
* comments can be added at end of suppression in suppressions file
Posted almost 2 years ago by Daniel Marjamäki
I have launched one more Kickstarter project. Its goal is to improve the Clang import feature in Cppcheck.
There are two tasks:
* Comparison of Clang/Cppcheck syntax tree. This will help us ensure that Cppcheck and Clang import work properly.
* The Cppcheck SymbolDatabase has a few fields for Variables that are not set properly by Clang import.
Link to project: https://www.kickstarter.com/projects/3300446/cppcheck-clang-import