|
Posted almost 7 years ago by Daniel Marjamäki
For information, I wrote a blog post about "safe checks"
https://danielmarjamaki.blogspot.com/2019/07/static-analysis-safe-interfaces-my-plan.html
This is new checking that is added to Cppcheck. I believe it will help you detect more bugs that are out of reach for other tools.
|
|
Posted almost 7 years ago by Daniel Marjamäki
Today I started a new Kickstarter crowdfunding project with the goal to detect more uninitialized variable usage in your code:
https://www.kickstarter.com/projects/3300446/cppcheck-5259
We have a few tickets that I believe are "low hanging fruit" - they would be relatively quick to fix and would increase bug detection. It is a shame that these tickets are unfixed for years. We need funding to get more speed. Ticket 5259 is one "low hanging fruit" ticket.
Please contribute!
|
|
Posted almost 7 years ago by Daniel Marjamäki
Cppcheck-1.88 has been released.
New checks:
* Comparing pointers that point to different objects
* Address of local variable 'x' is accessed at non-zero index
* STL usage: unnecessary search before insertion
* Duplicate expression for condition and assignment: if (x==3) x=3;
Added --library configuration files for:
* cppunit
* libcerror
* nspr
* opengl
* sqlite3
Better handling of C++14 and C++17
Command line:
* New command line option --addon used to run addons directly from Cppcheck.
* Some advanced options are only available in GUI:
- remove unused declarations in header files to speedup analysis
- remove unused templates to speedup analysis
- when checking visual studio project, only check 1 configuration
- max whole-program-analysis call stack depth
To get these features in command line tool, create a GUI project file and import that on command line using --project.
GUI:
* started implementing theme support
Makefile:
Please use MATCHCOMPILER=yes instead of SRCDIR=build when compiling to enable the match compiler.
Cert:
* add check exp15-c
* add check str03-c
* add check str05-c
* add check str07-c
Misra:
* Add check 17.7
* Add check 20.7
* Add check 20.10
|
|
Posted about 7 years ago by Daniel Marjamäki
A new crowdfunding project has been created that has the goal to detect more uninitialized variable usage in your code.
https://www.indiegogo.com/projects/cppcheck-detect-more-uninitalized-variable-usage/x/21980698#/
|
|
Posted about 7 years ago by Daniel Marjamäki
A kickstarter project has been created to add a check to our MISRA addon.
https://www.kickstarter.com/projects/3300446/improve-misra-checking
The MISRA addon does not get enough attention at the moment. This kickstarter project can change that.
|
|
Posted over 7 years ago by Daniel Marjamäki
Cppcheck-1.86 has been released
General:
* Many fixes in the template simplifier
* Several fixes in the abstract syntax tree.
Checking improvements:
* New check: passing address of char to function that expects a strz
* New check: shadow variables
* Improved lifetime checking
* Improved STL iterators checking
* Improved data flow analysis
New libraries:
* zlib
* googletest
Addons:
* misra.py: Fixes for suppressions and exclusions
* namingng.py: New addon to check naming conventions. Rules are specified in json file.
|
|
Posted over 7 years ago by Daniel Marjamäki
Cppcheck-1.85 has been released.
General:
We are modernizing the Cppcheck code. Support for MSVC 2010 and GCC 4.4 is dropped. You now need a compiler that is at least as good as MSVC 2013 or GCC 4.6.
According to "daca@home" (http://cppcheck.osuosl.org:8000)
There are fewer crashes.
Cppcheck-1.85 is ~25% slower than Cppcheck-1.84
Checking improvements:
New check: Suggest STL algorithms instead of hard-coded for loops
New check: Warn about ineffective algorithms (same iterator passed)
New check: Mismatching iterators used together in operators
Container (STL/Qt/WxWidgets/etc) access out of bounds
Improved the checkers that warn about same/opposite expressions, track variable values better.
logical conjunctions
identical/opposite inner expressions
same expressions around operator
etc
Variable scope: warn about references also
Graphical user interface:
You can specify undefines in the project file dialog
Fixed configuration of suppressions
Windows: Fixed issue of wrong/no theme being applied to UI elements
Misra:
support per file excludes from cppcheck
support per file suppressions from cppcheck
summary will now summarize results for all files again
a few false positives were fixed
|
|
Posted about 8 years ago by Daniel Marjamäki
Cppcheck-1.83 has been released
The biggest news is that Cppcheck now has "MISRA C 2012" compliance checks
Command line:
- fixes in parser
- Improved loading of platform files.
GUI:
- few minor improvements in user interface
- Code preview
- Added MISRA addon integration
- Platform can be selected in project settings
- Fixed issue when loading xml results file
Addons:
- We are now officially releasing our MISRA addon. So far it supports MISRA C 2012.
|
|
Posted over 8 years ago by Daniel Marjamäki
We have released Cppcheck-1.82. The release notes are:
Bug fixes:
Better handling of namespaces
Fixed false positives
Fixed parsing of compile databases
Fixed parsing of visual studio projects
Enhancements
New check; Detect mistakes when there are multiple strcmp() in condition
Example:
if (strcmp(password,"A")==0 || strcmp(password,"B")==0 || strcmp(password,"C"))
There is a missing '==0', and therefore this condition is always true except when password is "C".
New check; pointer calculation result can't be NULL unless there is overflow
Example:
someType **list_p = ...;
if ((list_p + 1) == NULL)
The result for '(list_p + 1)' can't be NULL unless there is overflow (UB).
New check; public interface of classes should be safe - detect possible division by zero
Example:
class Fred {
public:
void setValue(int mul, int div) {
value = mul / div; // <- unsafe
}
...
This check does not consider how Fred::setValue() is really called. If you agree that the public interface of classes should always be safe; it should be allowed to call all public methods with arbitrary arguments, then this checker will be useful.
Fixed a few false negatives
More information in the cfg files
|
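The strcmp() condition and the Fred::setValue() interface from the Cppcheck-1.82 notes above, shown beside corrected forms. This is an added example, not part of the original post or of Cppcheck's code. The names accepted_buggy and accepted_fixed, the bool return value of setValue and getValue are assumptions made for illustration, and the INT_MIN / -1 guard goes beyond the division-by-zero case the note describes.

```cpp
#include <climits>
#include <cstring>

// Condition as quoted in the release note: the last strcmp() lacks "== 0",
// so every password except "C" makes the whole expression true.
bool accepted_buggy(const char *password) {
    return std::strcmp(password, "A") == 0 ||
           std::strcmp(password, "B") == 0 ||
           std::strcmp(password, "C");
}

// Intended condition: each comparison result is tested against 0.
bool accepted_fixed(const char *password) {
    return std::strcmp(password, "A") == 0 ||
           std::strcmp(password, "B") == 0 ||
           std::strcmp(password, "C") == 0;
}

// Hardened variant of the Fred class from the note (hypothetical design):
// the public method validates its arguments, so it is safe for any caller.
class Fred {
public:
    // Returns false and leaves value unchanged when mul / div is undefined.
    bool setValue(int mul, int div) {
        if (div == 0) return false;                    // division by zero
        if (mul == INT_MIN && div == -1) return false; // quotient overflows int
        value = mul / div;
        return true;
    }
    int getValue() const { return value; }
private:
    int value = 0;
};

int main() {
    Fred f;
    // Constructed inputs: a wrong password and a zero divisor.
    bool ok = accepted_buggy("wrong") && !accepted_fixed("wrong") &&
              !f.setValue(1, 0);
    return ok ? 0 : 1;
}
```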
|
Posted over 8 years ago by Daniel Marjamäki
Cppcheck-1.81 has been released
CPPCHECK:
* New warning: Check if condition after an early return is overlapping and therefore always false.
* Improved knowledge about C/C++ standard, windows, posix, wxwidgets, gnu
* Better handling of Visual Studio projects
GUI:
* Compile: Qt5 is now needed to build the GUI
* Compile: New qmake flag HAVE_QCHART
* Project: You can now run cppcheck-addons
* Project: We have integrated clang-tidy
* Results view: Reload last results (if cppcheck build dir is used) when GUI is started
* Results view: Tag the warnings with custom keywords (bug/todo/not important/etc..)
* Results view: Shows when warning first appeared (since date)
* Results view: Suppress warnings through right-click menu
* Statistics: Added charts (shown if Qt charts module is enabled during build)
|